Udo Rader wrote:
Am Dienstag, den 29.11.2005, 13:05 -0600 schrieb /dev/rob0:
BTW I am having problems with your posts. GPG hangs because it tries every time to retrieve your key from a keyserver, and they don't have it. If you're going to sign posts, please submit your key to the keyservers. Thanks.
Well, it all depends on which keyserver _you_ have set up. My public key is distributed among many keyservers, eg. www.keyserver.net. And also BTW, there are also quite a few corporate people that don't have their public keys published on public keyservers but on their corporate webpages instead. Automatic validation of signatures is a bad thing, IMHO.
Apparently not among *the* keyserver network (pgpkeys.mit.edu, subkeys.pgp.net et. al.), which exchange keys among themselves so that your readers don't have to travel the galaxy to find your public key.
PGP security is built around the web of trust, relying on key owners to get their keys cross-signed by other key owners, rather than having everyone publish their key on their, often not even SSL-protected, website.
Blindly trusting all keys on one's public keyring is in any case bad, if that's what you mean with "automatic validation".
-- Magnus Holmgren