> > I respect your opinion but I don't agree. Sorry. > > What precisely do you disagree with?
No matter which key server a key I get from. No matter who operates a key server. The only important thing if a key is signed by trustworthy peoples or not. > > _All_ key servers of the pool are absolutely untrustable by definition. > > Not true. For instance, I trust John Clizbe. If I receive a > certificate from him, I'm pretty confident that he's not, e.g., logging > my certificate requests and turning it over to the cops. You, on the > other hand, I don't know you, and for all I know you're doing those > sorts of things. Oh, I see. Why do you trust John? (I hope I don't hurt him with this question. :-) Why do you think peoples trust _you_? Do all of them known you personally since ten years? If a user was cautious, (s)he would download thousands more keys (s)he need or operates an own key server. Anyway. Why does somebody think no one eavesdrops his/her key requests? In your special case: you may redirect users to a trusty key server. (I hope you know at least one beside yours. :-) If some users trust you as a key server operator, they must trust your choice of fallback server too. Cheers Gabor _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
