[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dovecot
Subject:    Re: [Dovecot] Is Timo OK?
From:       Magnus Holmgren <holmgren () lysator ! liu ! se>
Date:       2005-11-30 2:07:40
Message-ID: 438D096C.7090300 () lysator ! liu ! se
[Download RAW message or body]


Udo Rader wrote:
> Am Dienstag, den 29.11.2005, 13:05 -0600 schrieb /dev/rob0:
> 
>>BTW I am having problems with your posts. GPG hangs because it tries 
>>every time to retrieve your key from a keyserver, and they don't have 
>>it. If you're going to sign posts, please submit your key to the 
>>keyservers. Thanks.
> 
> Well, it all depends on which keyserver _you_ have set up. My public key
> is distributed among many keyservers, eg. www.keyserver.net. And also
> BTW, there are also quite a few corporate people that don't have their
> public keys published on public keyservers but on their corporate
> webpages instead. Automatic validation of signatures is a bad thing,
> IMHO.

Apparently not among *the* keyserver network (pgpkeys.mit.edu,
subkeys.pgp.net et. al.), which exchange keys among themselves so that
your readers don't have to travel the galaxy to find your public key.

PGP security is built around the web of trust, relying on key owners to
get their keys cross-signed by other key owners, rather than having
everyone publish their key on their, often not even SSL-protected, website.

Blindly trusting all keys on one's public keyring is in any case bad, if
that's what you mean with "automatic validation".

-- 
Magnus Holmgren

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]