Harald Tveit Alvestrand wrote:
nope. we have had a lot of PGP key signing parties at IETFs, but
nothing "official".
I see, I might want to attend.
From what I've read, keys (or fingerprints?) were read aloud.
I generally use wwwkeys.eu.pgp.net when I look for keys, but there's
nothing very magical about that.
I see. So your trust basically relies on the integrity of that
particular server.
Did you store the key securely on the keyserver?
Why should I? It's signed, so it's either there or not there - you
can't fake it, just remove it.
Can't I just create a public key with the Harald's name and email
address and then post to this list claiming I'm Harald?
(And sometimes I wish the keyservers WOULD drop some keys - there's
an old key of mine out there that I don't use any more....)
Sure, they should.
Which keyserver? Which port? The particular network I connect to
is blocking most ports, so I can't retrieve your public key.
It's attached below, too. Anything to increase the
Kbytes-posting-stats :
Thank you, I imported it, but the signature of previous messages didn't
verify, sorry.
Alex
GBU