Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The site does not use HTTPS (TLS) so that public key is completely useless.


What is your threat model?

Is a TLA going to MITM all connections to incoherency.co.uk in order to read OpenGPG-encrypted mails? That's not very realistic.

I'm not saying that the way the key is being distributed is perfect, but I wouldn't say it's "completely useless".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: