Secrecy and user trust
Bruno Wolff III
bruno at wolff.to
Wed Sep 3 18:49:55 UTC 2008
On Wed, Sep 03, 2008 at 14:12:47 -0430,
Patrick O'Callaghan <pocallaghan at gmail.com> wrote:
> On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:
> > hardest of all find a secure way to provide the public part of the
> > signing key
>
> The whole point about asymmetric encryption is that you don't need a
> secure distribution channel. The worst that can happen is that some fake
> public key gets distributed, which won't match the private key and hence
> will be instantly detectable.
You still need a secure channel. What is changed is that it only needs
protection for integrity, not eavesdropping. The worst case is actually a
man in the middle attack.
More information about the fedora-list
mailing list