On Mon, 2005-02-07 at 22:11 +1300, Sam Sargeant wrote:
I'm happy to confirm my email address via these means, although I don't see enough benefit for me to verify other addresses myself. I would say, as Ewen mentioned, that sending the signed key in an encrypted message is probably best. That way we avoid cluttering the key-servers with what may be useless keys.
Uploading keys to the keyservers broadens the web of trust and makes it more likely that when you send me a signed message and I pick up your public key from the server it will have a signature that I trust on it. When I have gone to the trouble of fully verifying ownership of keys I always upload my signatures to the file server. When I do partial verification, for example ask the owner for key fingerprint by email I just locally sign the key and keep it to myself. Russell -- Russell Fulton, Information Security Officer, The University of Auckland New Zealand