Many thanks to Daniel Kahn Gillmor for pointing to the best practices page (https://we.riseup.net/riseuplabs+paow/openpgp-best-practices); this information is very helpful.
Some questions about the information on this page: 1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume that a pool is better than a particular server; is there one particular pool that is preferred? What about http://pool.sks-keyservers.net/? 2. On keeping an encrypted backup of my secret key material, what method is recommended for doing that? (Presumably something like "gpg --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?) 3. On using a keyserver with HKPS support: when I attempt to connect (via Chrome) to https://sks-keyservers.net/, I get an error headlined "The site's security certificate is not trusted!", stating " the server presented a certificate issued by an entity that is not trusted by your computer's operating system." 4. When I try to use hkps://sks-keyservers.net with GnuPG at the command line, I get these messages: gpgkeys: HTTP post error 1: unsupported protocol gpg: keyserver internal error gpg: keyserver send failed: Keyserver error And when I try the same with the domain name only (sks-keyservers.net) I get these messages: : can't connect to `sks-keyservers.net': No route to host gpgkeys: HTTP post error 7: couldn't connect: No route to host gpg: keyserver internal error gpg: keyserver send failed: Keyserver error My question would be, am I doing something wrong or is the service unavailable? Thank you! Peter -- ============== Peter Loshin 617/549-4514 ============== _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users