[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pgp key distribution

>From: shawnb <[email protected]>

>I'm pretty new to this mailing list, so something along these lines may
>have already been proposed, but I was considering the possibility of
>putting together a list of pgp public keys for distribution through this
>list.  My own collection of keys is pretty small, and I would pernally 
>like to expand this, but I think this would provide a great service to the
>group as well.  Let me know what you all think.

I keep seeing people propose things like this, and I can't for the
life of me understand why. The only way to know for sure that
someone's key is theirs is a signature from a trusted introducer
anyway, so people can just ask each other in clear for public keys and
it doesn't do a lick of harm -- if they have a trusted signature, you
can use their key for communication and if they don't, you have to
find another way to verify the key.  People making lists of keys and
distributing them seems fairly useless to me. Can anyone tell me if I
am being really really thick here?