[Dovecot] Is Timo OK?

Magnus Holmgren holmgren at lysator.liu.se
Wed Nov 30 04:07:40 EET 2005


Udo Rader wrote:
> Am Dienstag, den 29.11.2005, 13:05 -0600 schrieb /dev/rob0:
> 
>>BTW I am having problems with your posts. GPG hangs because it tries 
>>every time to retrieve your key from a keyserver, and they don't have 
>>it. If you're going to sign posts, please submit your key to the 
>>keyservers. Thanks.
> 
> Well, it all depends on which keyserver _you_ have set up. My public key
> is distributed among many keyservers, eg. www.keyserver.net. And also
> BTW, there are also quite a few corporate people that don't have their
> public keys published on public keyservers but on their corporate
> webpages instead. Automatic validation of signatures is a bad thing,
> IMHO.

Apparently not among *the* keyserver network (pgpkeys.mit.edu,
subkeys.pgp.net et. al.), which exchange keys among themselves so that
your readers don't have to travel the galaxy to find your public key.

PGP security is built around the web of trust, relying on key owners to
get their keys cross-signed by other key owners, rather than having
everyone publish their key on their, often not even SSL-protected, website.

Blindly trusting all keys on one's public keyring is in any case bad, if
that's what you mean with "automatic validation".

-- 
Magnus Holmgren
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20051130/53b1cabe/signature.pgp


More information about the dovecot mailing list