[jdev] Re: JEP-0027 (OpenPGP) implementation question
Remko Troncon
remko at el-tramo.be
Sun Mar 5 01:56:23 CST 2006
On 04 Mar 2006, at 23:19, Michal Vaner (Vorner) wrote:
> the point with PGP is that user checks and signs the key (if he
> trusts it).
> Therefore, key exchange can not happen automatically, since it
> would break
> one of the main idea of PGP, that user knows who he is encrypting to.
Key exchange and key signing are still different things. Before you
can start thinking about trust and signing, you still need to
exchange your keys, which might be automated by your jabber client
for more comfort. Of course, when using the key, your Jabber client
should tell you that your key has not been signed and/or isn't
trusted yet.
cheers,
Remko
More information about the JDev
mailing list