[GR-Jug] Global PGP Key Registry
Dave Brondsema
dave at brondsema.net
Fri Dec 10 17:09:22 EST 2004
Matthew Carpenter wrote:
> For those of you who have either wondered what to do with your public
> keys or were frustrated with all the key-servers and lack of
> authentication, The PGP company appears to have a potential solution.
What sort of lack of authentication is there, and why is it a problem?
Yes, anyone can create a PGP key for any email address, but you
shouldn't trust any key's authenticity unless there is a chain of
signatures from you to them. Signing keys builds a web of trust; this
is a critical part of the PGP system because it is not hierarchical from
some supposed root authority.
> This is a *free* directory for PGP keys, and looks to provide not just
> "another" but "the" PGP key repository.
All public keyservers are "the" place to look for keys because they
mirror with each other. It's distributed redudancy; much better than
relying on just one keyserver anyway.
> It is currently in Beta right now and is worth checking out. If you are
> a security professional, this an important read. It is a
> good idea to sign everything, and/or provide your PGP key information
> to anyone who may contact you with sensitive content, particularly in
> the even of a security incident.
PGP certainly is important, but why are we talking about it here?
--
Dave Brondsema : dave at brondsema.net
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://gr-jug.org/pipermail/jug/attachments/20041210/647536d3/signature.bin
More information about the Jug
mailing list