Re: Beware of the Man in the Middle (Kingdom)
> How are these published hashes going to reach you? Over the Internet?
The whole point of hashes / fingerprints is that you compare the one being presented with the one that you already have, obtained via a different channel.
E.g., for OTR or my public key fingerprint, I usually either give them in person, enter them myself into my contact's computer, or send them via SMS.
Scaling this could be a wee bit of a problem though, even if we take to large scale signing of each other's keys, PGP-style.
Biting the hand that feeds IT
