Hey there,
fair points here, for users who don't see value in certificate discovery
via verifying keyservers. I would argue it's not universally agreed
upon: We did see 60k newly verified email addresses on keys.openpgp.org
in the last year though, adding to a total of half a million or so.
For initail key discovering (lookup) there are better methods:
- Send the key with your initial may and start to build up trust.
(after all there must be some reason that you trust a mail address)
- Send the key along with the initial signed message by using the gpg
option --include-key-block. This does not even require mail.
For both of these options, do you think PQC-sized public keys might
become a challenge?
Cheers
- V
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
