Key Discovery Made Simple

Mirimir mirimir at
Wed Aug 31 04:27:31 CEST 2016

On 08/30/2016 10:04 AM, John Hein wrote:
> Werner Koch wrote at 16:39 +0200 on Aug 30, 2016:
>  > Hi,
>  > 
>  > I just published a writeup on how to setup the Web Key Service at
>  > 
>  > 
>  > A plain text copy is below.  If you have comments, please send them as
>  > reply.
> Nice writeup.
> Maybe add some _brief_ words about trust.  We understand how
> keyservers can provide an "invalid" key.  This is a tad bit more
> elaborate, but could still be abused.
> The thing about trust for the laymen is that it'd be nice if there was
> a short not overly technical presentation about how various methods
> can be compromised and how to be reasonably sure about safety.  So
> that the user can decide about when and how they might want to do
> additional vetting.
> Someone could set up an with a bogus key, send
> out an email impersonating Werner and pointing to that web service,
> right?

What are the defects in <>?

More information about the Gnupg-users mailing list