> for those who care you could offer the best of both worlds.
You're not really offering that because the first connection could've be intercepted.
> for those who care you could offer the best of both worlds.
You're not really offering that because the first connection could've be intercepted.
Too true. The old model is that you have to sneaker-net that first step. To get someone's public key, you'd literally meet them in person and they'd hand you a copy. We don't do that anymore.
I can imagine alternate approaches (service that stores personal keys on an HTTPS server signed via a public cert, keys in peer-to-peer filesharing with the checksum provided side-channel), but that gets increasingly more elaborate for diminishing return.