Reply to post: Re: Beware of the Man in the Middle (Kingdom)

Mozilla piles on China's SSL cert overlord: We don't trust you either

Anonymous Coward
Anonymous Coward

Re: Beware of the Man in the Middle (Kingdom)

> How are these published hashes going to reach you? Over the Internet?

The whole point of hashes / fingerprints is that you compare the one being presented with the one that you already have, obtained via a different channel.

E.g., for OTR or my public key fingerprint, I usually either give them in person, enter them myself into my contact's computer, or send them via SMS.

Scaling this could be a wee bit of a problem though, even if we take to large scale signing of each other's keys, PGP-style.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019