key question

MFPA expires2010 at ymail.com
Fri Feb 26 16:53:27 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 25 February 2010 at 6:04:00 PM, in
<mid:4B86BB90.70707 at Mozilla-Enigmail.org>, John Clizbe wrote:


> Then you need not send your key to the keyserver
> network. Pretty simple personal choice, huh? Don't want
> to? Don't do it.

Fair enough.



> Whether one chooses to send his key to the keyservers
> or not, it is still a good idea and in the interest of
> the OpenPGP community to utilize the keyservers.

There are privacy issues, especially if user-ids on the key contain
email addresses. In some cases, the authorities knowing an individual
used encryption could be a problem. There is the issue of controlling
the image that is portrayed by the signatures on your key.

Of course, if you are signing messages to a public list such as this,
it *is* a good idea to put the key on a server.


> *Public* key encryption is fostered by the *public*
> dissemination of keys and the keyservers are, IMO, the
> best mechanism for that.

Keyservers are certainly good for quick circulation of a key
revocation. Other than that, how the presence of my key on a keyserver
foster the use of encryption when emailing me? It will probably not be
noticed by anybody who doesn't use OpenPGP already.



>> Some people hate the idea and get *very* upset if
>> their key does end up on the servers.

> Ohhhhhhhhhhhhhhh... I see. Do they take their ball and
> go home? Do they jump up and down? Stomp their feet?
> Hold their breath until they turn blue? Do they forward
> private email to a public list?

I apologise for that indiscretion. It was threaded as a reply to my
post on the public list, and it didn't occur to me that it might have
been sent just to me. Sorry if I offended you.



> Such key sequestration is a minority viewpoint and I
> doubt even a good number of folks on a fully encrypted
> forum such as PGPNet would agree with you and would
> instead support keyserver use.

What's not to agree with in my statement that not everybody
wants to put their keys on the keyservers?

Some PGPNET members prefer to use Biglumber, or to post their key on
their own website. Quite a few members use the keyservers, and some
are active in networks such as GSWoT. Some members don't choose to
have their key on the servers, and there was heated discussion some
time back when somebody signed everybody's keys and uploaded them to a
keyserver.


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

I would like to help you out. Which way did you come in?
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS4fufqipC46tDG5pAQpdpQP+Jt6wFJyyfGenY/9zNZqLGRqVXkv1vMxz
5wxYHUHOtLCEgUWugajfR7TQ7/4PBm1R6lN4+7rtltepswGUiikniEkHfhBLJx+t
K22Aa+vr3ZxS5bA2K/rsvNQyrPcr0O0Wqrst4oxIs8qamToxPpsBTHUMTONxfG11
gRypxuzUFig=
=yb7f
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list