25 ;;Quote: public-key cryptosystems are vulnerable to forgery and man-in-the-middle attacks

26 ;;Quote: prevent public key forgery with signed public key certificates from mutually trusted friends; allows centralized and decentralized approaches

26 ;;Quote: a key server or certifying authority can "introduce" users to each other with signed, public-key certificates

26 ;;Quote: never trust a public key that isn't signed by someone you trust, i.e., someone whose trusted public key is on your key ring

26 ;;Quote: to sign a public key, you should require your own independent firsthand knowledge of who owns that key

28 ;;Quote: physically secure your public key ring, otherwise you can not check a new signed public key certificate

29 ;;Quote: PGP assumes physical security of your system and key rings; otherwise an intruder could tamper with PGP itself

31 ;;Quote: physically secure your own secret key and pass phrase; if it is revealed then anyone can sign in your name