www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shane Curcuru <shane_curc...@yahoo.com>
Subject Re: [PGP Global Directory] Verify Email Address - what do people think?
Date Fri, 17 Dec 2004 16:23:36 GMT
Anyone with a PGP key on the pgp.com keyserver likely has gotten one or
more of these emails recently.  I'm figuring it's legit, see
http://www.pgp.com/downloads/beta/globaldirectory/faq.html

- Any security types have a decent analysis of what the new pgp.com's
"Directory" really means, vs. using other keyservers?

- Hey: how many of us still see the pgp.com keyserver as a useful thing
for building the Apache web-of-trust, versus other keyservers or simply
managing keys individually?

A couple of things in the FAQ are interesting:
- Only supports v4 keys - no RSA legacy keys (they get deleted before
being posted in the directory)

- Verifies keys every 6 months by requiring a clickthru response to
emails sent to <you@domain.blah>; only keys with email addr are
supported.

- *Only* signatures from other keys that are also in the Directory are
supported: other signatures are removed before being exposed in the
Directory.  (This one is mildly annoying)  I wonder how many out of
their claimed 107 signatures on my key will remain after this check.

- Shane
T4k2x9fLEluOb3rs8AqBQSW8EnyyQZrNPMCpn3XdAQGg9AP9FIsA
(Forgot the passphrase for my new .sig)

=====
- Shane

<eof .sig="Gobble Gobble!" />

---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Mime
View raw message