Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

Marco Zehe marcozehe-ml at mailbox.org
Sat Feb 28 07:10:24 CET 2015


Hi Werner et al,

> On 27.02.2015 at 20:56, Werner Koch <wk at gnupg.org> wrote:
> 
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

OK, then I have a very practical question: Even though this is my fourth or fifth attempt at establishing OpenPGP in my daily routine since the mid 1990s, I am still confused by what the best way is to make my public key known. So if, as you say, key servers are not trusted by design, if I want to spread the word about my available public key, which source should I put in a signature? While reading this list, I have seen quite a number of different approaches. Some put their key ID along with the fingerprint and the URL of a key server. Others put a link to the key file on a web server, others just quote their key ID and fingerprint, or only either of those.

I have my key uploaded (and kept current) on key servers as well as on my web site(s), and my Impressum links to the copy on my web site rather than the key server URL.

So: What’s the best practice advice? (and yes, I looked in the FAQ, but that didn’t prove conclusive to me.)

Marco
