* Dmitry Alexandrov <321...@gmail.com> [2019-10-28 17:53]: > In particular, the SKS keyserver network — the de-facto standard for > years — is not, it is a decentralized replicated network — like > Usenet; while keys.openpgp.org, to carry on the analogy, is like > Facebook.
Yes, I would say it should be decentralized. But I see the problem and that problem is temporarily solved by that service. Maybe they bound Enigma plugin to that service. I can see that, but that is at this time point, when SKS servers are buggy, better solution, at least so they say. However, GnuPG and PGP is totally decentralized, PGP keys are decentralized, relying on any server cannot be trusted. PGP trust process shall involve verification of signatures, fingerprint. > Maybe. In meantime, SKS is _fully operational_. Is it? Is the security problem solved? > FWIW, I got your key from SKS network and have no idea, where else I > could. You, I suppose, got mine in the same way. You would ask person. That is number one. You could find keys on websites, but in general you ask people. Finding key on the server is not essential. I do not even know did I publish it or not, I do not know. In my group we communicate by using PGP, but we did not publish our keys to servers, makes no sense and there is no demand for that. Keys can be exchanged by chat, email, or by using websites. Jean
signature.asc
Description: PGP signature