On 9/23/2015 3:00 PM, Sam Hartman wrote:
Yeah, but I believe for most users the only reasonable default for
things you get from the key servers is don't trust without additional
evidence.
I'm confused by this thread.
I thought that the /essence/ of the PGP model was that the key servers
were merely convenient locations but /not/ 'trusted' locations. That
is, all the validation and trust are based on object-related data and
not location-related.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net