Anyone with a PGP key on the pgp.com keyserver likely has gotten one or more of these emails recently. I'm figuring it's legit, see http://www.pgp.com/downloads/beta/globaldirectory/faq.html
- Any security types have a decent analysis of what the new pgp.com's "Directory" really means, vs. using other keyservers? - Hey: how many of us still see the pgp.com keyserver as a useful thing for building the Apache web-of-trust, versus other keyservers or simply managing keys individually? A couple of things in the FAQ are interesting: - Only supports v4 keys - no RSA legacy keys (they get deleted before being posted in the directory) - Verifies keys every 6 months by requiring a clickthru response to emails sent to <[EMAIL PROTECTED]>; only keys with email addr are supported. - *Only* signatures from other keys that are also in the Directory are supported: other signatures are removed before being exposed in the Directory. (This one is mildly annoying) I wonder how many out of their claimed 107 signatures on my key will remain after this check. - Shane T4k2x9fLEluOb3rs8AqBQSW8EnyyQZrNPMCpn3XdAQGg9AP9FIsA (Forgot the passphrase for my new .sig) ===== - Shane <eof .sig="Gobble Gobble!" /> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
