? Comments re key servers? re gpg-encrypted mail? re key servers carry many phony keys?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 27 23:06:11 CET 2016
> What do you kind folks out there make of comments at
Completely orthodox. Certificates retrieved through the keyserver network
should not be trusted until/unless verified.
Some people are moving to embrace TOFU, which changes these rules somewhat.
For my money, though, I don't (and won't) use TOFU.
More information about the Gnupg-users