Say a vulnerability was merged 1 year ago and it was ACK'd by someone who has since had their PGP compromised. How would you know the ACK was signed ahead of the merge rather than after the key compromise?
Its also a lot more convienent to sign and verify messages as every interaction has to be signed.
Please Login to reply.
No replies yet.
