Subject: Re: BPG Security Server
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 07/26/2005 12:17:19

On Mon, Jul 25, 2005 at 10:00:57PM -0400, Steven M. Bellovin wrote:
> Second -- how does the server authenticate the application that's
> asking for a key?  That is, how does it know that it's bpg and not some
> Trojan horse that's been lurking in the background?

One answer to this can be that it doesn't.  At least in the signing
case, the user authenticates the data the app is requesting to be
signed, for example.  Again, the presentation / human factors issues
are the hard part.

--
Dan.
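The design point above (the server need not authenticate the calling application if the user confirms the exact data being signed) can be modelled in a few lines. This is an added illustration, not code from this thread or from BPG: the names `sign`, `verify`, `digest_of` and `user_approves_only` are hypothetical, the key is constructed, and an HMAC stands in for a real public-key signature so the example runs with only the standard library. The approval callback is the security boundary; a process that tricks the server into thinking it is the legitimate client still cannot get anything signed that the user did not see and approve.

```python
import hashlib
import hmac
from typing import Callable, Optional

# Constructed key material for the example; a real signing server would hold
# the user's private key and never hand it to the requesting application.
SERVER_KEY = b"example-signing-key-not-for-real-use"

# A confirmation callback receives the requesting application's self-reported
# name and the digest of the data it wants signed, and returns True only if
# the user approved that exact digest. The name is untrusted; the digest is
# what the user actually checks.
Confirm = Callable[[str, str], bool]


def digest_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(requester: str, data: bytes, confirm: Confirm) -> Optional[bytes]:
    """Sign data only after the user has confirmed the presented digest."""
    shown = digest_of(data)
    if not confirm(requester, shown):
        # User did not approve this digest: refuse regardless of who asked.
        return None
    # HMAC-SHA256 stands in for a real signature primitive (hypothetical
    # simplification); the approval gate, not the primitive, is the point.
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    expected = hmac.new(SERVER_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def user_approves_only(approved_digest: str) -> Confirm:
    """Model a user who compares the displayed digest with the one they expect."""
    def confirm(requester: str, shown_digest: str) -> bool:
        return shown_digest == approved_digest
    return confirm


if __name__ == "__main__":
    # Constructed inputs: the data the user meant to sign, and a substitute
    # that a background process might submit under the legitimate client's name.
    intended = b"release-1.0.tar.gz contents"
    approve = user_approves_only(digest_of(intended))

    sig = sign("bpg", intended, approve)
    print("legitimate request signed:", sig is not None and verify(intended, sig))

    forged = sign("bpg", b"attacker-chosen payload", approve)
    print("substituted data signed:", forged is not None)
```

What remains hard, as the reply notes, is the presentation side: the user has to be shown something they can actually check (a digest of the real bytes, not a filename or a description supplied by the requester), which is where the human-factors work sits.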
