Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
silver.bullet at zoho.com
silver.bullet at zoho.com
Sun Aug 9 10:58:17 UTC 2015
On Sun, 9 Aug 2015 12:53:26 +0200, silver.bullet at zoho.com wrote:
>Note, there are two things you need to trust.
>
>1. Do you trust an ISO signed by Donald Duck?
>
>Assumed you do, you need the public key of Donald Duck.
>
>2. You need to trust that the key is really owned by Donald Duck.
>
>You can trust the key of Donald Duck if you got the key from him,
>instead of downloading it from a key server, or because you got a key
>from Daisy Duck and you trust Daisy Duck, while her key confirms that
>the key you own from Donald Duck, is really the key from Donald Duck
>and not just a faked key owned by Gladstone Gander.
Bad wording, a key from Gladstone Gander isn't a faked key (a key is
just a key), but the key might claim to be from another owner, e.g.
from Donald Duck. However, since you own Daisy's key you can verify if
a key you downloaded belongs to Donald or not.
More information about the ubuntu-users
mailing list