Werner Koch wrote at 16:39 +0200 on Aug 30, 2016: > Hi, > > I just published a writeup on how to setup the Web Key Service at > https://gnupg.org/blog/20160830-web-key-service.html > > A plain text copy is below. If you have comments, please send them as > reply.
Nice writeup. Maybe add some _brief_ words about trust. We understand how keyservers can provide an "invalid" key. This is a tad bit more elaborate, but could still be abused. The thing about trust for the laymen is that it'd be nice if there was a short not overly technical presentation about how various methods can be compromised and how to be reasonably sure about safety. So that the user can decide about when and how they might want to do additional vetting. Someone could set up an https://wernerkoch.info with a bogus key, send out an email impersonating Werner and pointing to that web service, right? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
