Quote from: nomodeset on July 31, 2012, 12:10 amA good analogy. But what if a corrupted russian mailman knows that nothing but diamond rings are sent in strongboxes and intercepts the locked box sent to Natasha on the very first step. Then he goes to the flea market, buys a similarly looking strongbox and attaches his padlock to it. Then Natasha receives a fake strongbox with the mailman's padlock, attaches her own padlock to the metal hasp of the still locked strongbox and returns it via the same mailman to Boris. The mailman intercepts the fake strongbox, tosses it off and attaches his padlock again to the real strongbox. Finally, Boris receives the strongbox with the mailman's padlock and takes off his padlock, sends back the box to Natasha and the mailman intercepts the box again. That's it! The diamond ring was stolen.In other words, is there any way to trust that the public key belongs to the person or entity claimed and has not been replaced by a "man-in-the-middle"?Haha, you would make a good Russian! The hack got reverse hacked! I must admit I didn't think of that possibility in the instance of this analogy.You mean proving you are who you say you are upon initial contact? No... I don't think there is. Not with PGP all by itself at any rate. It is possible to do it by building a reputation system outside of your initial communication e.g. the PGP key servers, where you could build a web of trust system thing. And then that itself is not immune either to a particularly determined adversary with huge resources, although it gets geometrically unlikely you'll pull that hack off I think. But otherwise it's a thorny problem with no easy and simple answer unless everybody loses their anonymity and gets PGP public keys generated with some relationship to biometric data (also possible in the near future if not already, but also likely hackable). Actually, forget that, that's probably a horrible idea.Happily though, immediately after 1st contact with somebody, you can then ensure further communications do come from that same person by using PGP signatures. For our purposes on SR, that is good enough because we by default trust that we can't trust anybody here due to anonymity.