On 12/10/14 17:11, Ren Siyuan wrote:
How do I trust the key then?
Travel to where they live, arrange a meeting where they can give you the fingerprint of his gpg key (this way you). Note they should also show you some id documents to verify that you really are in front of the person you think you are (although the name isn't that important, it's the fact that it's a openssh developer that matters). Or you can attempt to use the web-of-trust trying to know someone who has signed the key of someone who has signed the key of one of them… _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev