Re: [Tails-dev] [RFC] WhisperBack for frontdesk
|This message is part of the following thread:|
|the complete thread tree sorted by date|
>> b) or, the user is reporting a bug from a system where they don't use >> OpenPGP, but they have an OpenPGP key on another system => how do >> we make sure they properly validate the key found on the >> keyservers?
>> Even assuming they have a second computer running, that >> hosts their OpenPGP key, they would need to compare fingerprints >> digit-by-digit. Unless you had some QRcode -based solution in mind, >> or something similar, I don't believe most users will actually >> verify the key that's available on the keyservers, so the problem >> boils down to: is picking a key that "looks like mine" from the >> keyservers better than cleartext email? This last question is >> a real one, not a rhetorical one: I don't know the answer. It's the >> good old "let's maybe add some security" problem, mislead feelings >> of security, etc., you know the drill.