Hi, Did you consider user a proof-of-work scheme? For instance, the user does a 1 week PoW, signs the result and attackes it to the key. These would be refreshed about once a year.
This eliminates the verification servers and the problems associated with them (namely, people need to trust them and there can't be too many of them). It also increases usability: there are no emails. This can be done completely by, say, gpg-agent in the background. gpg (or the email clients) don't need to know about special verification keys / signatures. They just check the proof of work and sort the returned keys appropriately. Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users