? Comments re key servers? re gpg-encrypted mail? re key servers carry many phony keys?

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 27 23:06:11 CET 2016

> What do you kind folks out there make of comments at
> https://stallman.org/gpg.html

Completely orthodox.  Certificates retrieved through the keyserver network
should not be trusted until/unless verified.

Some people are moving to embrace TOFU, which changes these rules somewhat.
For my money, though, I don't (and won't) use TOFU.

More information about the Gnupg-users mailing list