> It would be nice if you can add to the keyserver list also the > mailvelope.com keyserver,
I concur keys.mailvelope.com is a fine keyserver today. However, you might want to consider: > because it requires users to authenticate their keys against the keyserver > with an received encrypted email An "encrypted" verification email in no way, shape or form "authenticates" a key any more than an unencrypted email. It may seem like it should at first glance, but it really doesn't if you think through the attack scenarios. > and it also allows keeping third party signatures, compared to Hagrid. This property also makes it susceptible to flooding attacks, and Mailvelope doesn't make use of third party sigs itself. I talked to Thomas (from Mailvelope) the other day, and he said he would either want to make their implementation more abuse resistant (which I assume means dropping third party sigs as well), or decommissioning it altogether in favor of Hagrid. Cheers - V _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users