Comment Re:Same error, repeated (Score 1) 309
Yes, same error, but you missed it. The fundamental problem is that truly secure non-centralized key verification is HARD. If the bank publishes their GPG key, why would you trust it?
Tools for managing one's trust network barely exist. This problem is not isolated to GPG. This problem is so difficult that the more commonly used protocols, HTTPS and S/MIME, solve it effectively by ignoring it and replacing it with a system in which individuals have little or no control over their trust network. Marlinspike has participated in efforts to improve the trust network for HTTPS, but makes the same error, as use of his tools requires one to trust him.