
No more PGP keys without signatures, please!



People continue to post PGP keys that are not vouched for by anyone.
E.g. none of the keys for remailers has any signatures.  This makes it
impossible to trust those remailers, since anyone could have generated
such a key and sent it through a remailer saying it was from someone
else.

If you put up a remailer service, sign its key with your personal key,
at least.  Preferably get a few other people to sign it (by showing them
that the key is really the one used in the remailer, in person).

If you generate a key for yourself, don't just post it -- take it to
a friend, and cross-sign each other's keys.  If you do that a few times,
then you can post it, and the recipients are likely to know one of those
friends, possibly trusting them to certify your key.

	John
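
Added example, not part of the original post: a simplified Python model of PGP-style key validity, showing why a key posted with no signatures can never become valid for a recipient, while one certified by introducers the recipient knows can. The key names, the sample signature data, and the thresholds (one fully trusted or two marginally trusted signers) are assumptions made for illustration.

```python
# Simplified model of PGP-style key validity (illustrative, not PGP's own code).
FULL, MARGINAL = "full", "marginal"

# Constructed sample data: key -> set of keys that signed it.
SIGNATURES = {
    "alice": {"me"},
    "bob": {"me"},
    "carol": {"me"},
    "remailer_a": {"operator", "alice"},  # operator plus one in-person check
    "remailer_b": set(),                  # posted with no signatures at all
    "dave": {"bob", "carol"},
    "erin": {"bob"},
    "frank": {"mallory"},                 # signer is unknown to me
}
# Constructed sample data: how far I trust each owner as an introducer.
OWNER_TRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL}


def valid_keys(my_key, signatures, owner_trust,
               completes_needed=1, marginals_needed=2, max_depth=5):
    """Return the keys that count as valid from my_key's point of view."""
    valid = {my_key}
    for _ in range(max_depth):
        newly_valid = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature only counts if the signing key is itself valid.
            good = [s for s in signers if s in valid]
            full = sum(s == my_key or owner_trust.get(s) == FULL for s in good)
            marginal = sum(owner_trust.get(s) == MARGINAL for s in good)
            if full >= completes_needed or marginal >= marginals_needed:
                newly_valid.add(key)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid


if __name__ == "__main__":
    ok = valid_keys("me", SIGNATURES, OWNER_TRUST)
    for key in sorted(SIGNATURES):
        print(f"{key:12} {'valid' if key in ok else 'NOT valid'}")
```

In this model remailer_b stays invalid under every threshold setting because there is no signature to evaluate, and frank stays invalid because its only signer is a key the recipient has no path to.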