Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

[ja] Remove unnecessary translator's note #662

Merged
merged 1 commit into from Feb 5, 2014

Conversation

Projects
None yet
3 participants
Contributor

rinopo commented Feb 5, 2014

A public key is public by nature. No need to worry about sending it over email.

@rinopo rinopo [ja] Remove unnecessary translator's note
A public key is public by nature. No need to worry about sending it over email.
9435a5f

@jnavila jnavila added a commit that referenced this pull request Feb 5, 2014

@jnavila jnavila Merge pull request #662 from rinopo/patch-1
[ja] Remove unnecessary translator's note
ca80d8e

@jnavila jnavila merged commit ca80d8e into progit:master Feb 5, 2014

1 check passed

default The Travis CI build passed
Details
Contributor

rinopo commented Feb 6, 2014

Thanks!

According to the discussion progit-ja/progit#7 referenced above (of which I wasn't aware when I posted my PR), there indeed is some risk about sending public keys over email: with plain email you can't really tell who really sent you the public key you receive.

Let's say Eve somehow knew that Bob is expecting to receive a public key from Alice via email. Eve may send her own public key to Bob pretending to be Alice, and Bob, not being able to uncover it, might allow Eve to let in instead of Alice.

You should either sign your email with PGP or have your key authorized by a CA to prevent this.

Although a thorough explanation of this might exceed the scope of our doc, it would be worthwhile noting it in some way or other, after all.

Member

harupong commented Feb 7, 2014

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment