Hi!

On Fri, 3 Jan 2025 18:29, have--- said:

> I won’t ambush a volunteer answering support@ for a free keyserver,
> but I will publicly quote my own reply below. There has been no

The concept of public keyservers is dead. It worked well in a past Internet with mostly friendly inhabitants. But we are not anymore in the 90s and DoS is a major concern. There is also the false assumption of many users that keys from a keyserver are in any way trustworthy.

There is one remaining reason for having a network of synced keyservers: To distribute revocations. Lookup of keys by anything other than a fingerprint has no more justification. And for that feature a simple distributed storage for revocations would be better than the complex keyserver software we have today.

For initial key discovery (lookup) there are better methods:

- Send the key with your initial mail and start to build up trust. (after all there must be some reason that you trust a mail address)
- Send the key along with the initial signed message by using the gpg option --include-key-block. This does not even require mail.
- Distribute the key along with your mail address using the Web Key Directory.
- For key discovery in a managed environment (large organization) use an LDAP keyserver.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users