At 9:01 AM -0700 9/3/00, David Honig wrote:
>I didn't make myself clear. I meant that PGP is perfectly useful
>*without any keyservers*. I am in *favor* of people not publishing
>their keys, except maybe if you were a business and *wanted* cold-calls
>[1]. Sort of like a front-office line and a private back line.
>
>[1] or access and ownership of the keyserver were limited (think corporate
>online phone directory)
I can think of one time I was very glad my public key was up on a key server.
I had a freshly installed PGP on a machine at work, and I had some
confidential information I needed to send to myself at home. I downloaded
my public key from the key server, and was faced with the need to verify
it. I looked thru my pockets, and no key fingerprint. (I really need new
business cards.) But I did find one of Carl Ellison's cards with his key's
fingerprint. Since he had signed my key, the trust equation was, "Do I
trust Carl to introduce me to myself." Having decided that Carl was indeed
trustworthy in these circumstances, I proceeded to use the key.
<Grin> - Bill
-------------------------------------------------------------------------
Bill Frantz | Microsoft Outlook, the | Periwinkle -- Consulting
(408)356-8506 | hacker's path to your | 16345 Englewood Ave.
[EMAIL PROTECTED] | hard disk. | Los Gatos, CA 95032, USA
