Key Discovery Made Simple

Ingo Klöcker kloecker at
Thu Sep 8 15:24:49 CEST 2016

On Wednesday 07 September 2016 22:20:42 Christopher Beck wrote:
> Hi,
> just a (maybe) stupid question: the matching key to my recipient can be
> fetched by keyservers and i determine the korrect key of all of the
> (sometimes "wrong" keys") by vaidating the signatures according to the WoT.
> So, what's the benefit of this new key service? It sounds much more
> complicated (and un- trusworthy) than just using the WoT.

The WoT won't help you if the key isn't part of the WoT. That's the whole 
point of the new tofu trust model and the EasyGPG project. This new key 
service complements the tofu trust model in that it (kind of) guarantees that 
the email address/user id on the key is legitimate (provided the provider of 
the key service is trustworthy).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160908/566b4b4f/attachment.sig>

More information about the Gnupg-users mailing list