Semi-off-topic - Netiquette ?

David Shaw
Tue Jul 17 16:47:01 2001

On Tue, Jul 17, 2001 at 09:24:11AM -0400, Ben Paul Wise wrote:

> My two cents worth:
> I also think it is worthwhile to include one's key ID, if only to let people
> know you participate in and support such things.
> Signing early emails is not intrusive or obfuscating (as would be encrypting
> them) - but signing w/o posting your public key somewhere obvious defeats the
> purpose. Some people (e.g. Lionel) post the key on their own website, which
> leads to follow on Netiquette question:
> Is it better to put your public key on a public key server, or
> to put it on a personal website?
In theory, it shouldn't matter. Since the key will (hopefully) be validated via signatures in the web of trust, or at least via a fingerprint checking phone call, there is no particular security advantage to one over the other. It isn't really an netiquette issue. Stick them on one, the other, or both. I recommend both - maximizing your chances that someone will get the key in the first place. That said, there are some handy advantages to keyservers - gpg can fetch keys automatically and it's the also first place people look for new keys. If it wasn't for the problem that some older keyservers have with certain of the newer v4 keys, it would be perfect. David -- David Shaw | | WWW +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson