Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I find it hilarious that at the end of the post it says "Contact me securely" and goes on to give a PGP fingerprint. All while being served up via http...


It's up to you to check the Web of trust of this fingerprint. It being served over HTTP is not an issue at all. Even in Trust on First Use I would argue delivering over HTTP is not an issue.


It is an issue because you could MITM this and give a different address and fingerprint. This seems highly unlikely but is possible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: