Hi Werner et al,

> Am 27.02.2015 um 20:56 schrieb Werner Koch <w...@gnupg.org>:
> 
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

OK, then I have a very practical question: Even though this is my fourth or 
fifth attempt at establishing OpenPGP in my daily routine since the mid 1990s, 
I am still confused by what the best way is to make my public key known. So if, 
as you say, key servers are not trusted by design, if I want to spread word 
around my available public key, which source should I put in a signature? While 
reading this list, I have seen quite a number of different approaches. Some put 
their key ID along with the finger print and the URL of a key server. Others 
put a link to the key file on a web server, others just quote their key ID and 
finger print, or only either of those.

I have my key uploaded (and kept current) on key servers as well as on my web 
site(s), and my Impressum links to the copy on my web site rather than the key 
server URL.

So: What’s the best practice advice? (and yes, I looked in the FAQ, but that 
didn’t prove conclusive to me.)

Marco

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to