On 2/27/15 10:10 PM, Marco Zehe wrote:
> Hi Werner et al,
>
> On 27.02.2015 at 20:56, Werner Koch <w...@gnupg.org> wrote:
>> There is no trust in keyservers by design. As soon as you start
>> changing this you are turning PGP into a centralized system.
>
> OK, then I have a very practical question: Even though this is my
> fourth or fifth attempt at establishing OpenPGP in my daily routine
> since the mid 1990s, I am still confused by what the best way is to
> make my public key known. So if, as you say, key servers are not
> trusted by design, if I want to spread word around my available
> public key, which source should I put in a signature? While reading
> this list, I have seen quite a number of different approaches. Some
> put their key ID along with the fingerprint and the URL of a key
> server. Others put a link to the key file on a web server, others
> just quote their key ID and fingerprint, or only either of those.
> I have my key uploaded (and kept current) on key servers as well as
> on my web site(s), and my Impressum links to the copy on my web
> site rather than the key server URL.
>
> So: What’s the best practice advice? (and yes, I looked in the FAQ,
> but that didn’t prove conclusive to me.)

It's overwhelmingly likely that you are overthinking this. :)

If someone wants to correspond with you using PGP, they will ask. If
you sign a message, they will know that you are using PGP, and what
your key Id is. And you've posted it enough places that even a
moderately motivated person will be able to find it.

Relax, and enjoy the ride.

Doug