useless test keys and keyservers

Greg Sabino Mullane greg at turnstep.com
Tue Mar 1 00:55:41 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> IMHO, anyone who signs emails to a public mailing list should make
> their public key available with the minimum of fuss. This, to me,
> means putting it on one of the recommended keyservers,

Or simply putting a URL to a webpage with their key in the headers
or the sig. (which allows them to give you their preferred copy
of their key)

> All keyservers support the option to not upload your key - it's just
> that once a key is public, there's no real way of stopping it being
> submitted by someone else. Thereagain, if the key IS public, it should
> be on a public keyserver - that's my case.

How about, if the key IS public, it should be made publically available.
Right now, the main option for doing so is the keyservers, which unfortunately
have the flaw that anyone can make changes to anyone else's public key.
That's why some people prefer a self-controlled web page.

- --
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200502281856
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFCI6/9vJuQZxSWSsgRAmc8AKCdQ0JvJkEIf/7twB8+KrM+sIcH1QCgj703
VuLz2dCXHGNjcSp5/7/Z4XY=
=0vID
-----END PGP SIGNATURE-----





More information about the Gnupg-users mailing list