On 20 July 2011 11:06, Nick <suckless-...@njw.me.uk> wrote:
> But just downloading the key from a keyserver, even if it isn't
> trusted by your web of trust, is better than e.g. just
> distributing a hash, and as mentioned trusting CAs (HTTPS) is
> pretty problematic.

Why is a random keyserver more trustworthy than a run-of-the-mill CA? Still, even if it is more trustworthy (which I doubt), introducing the GPG tool chain for that marginal gain (if any) is extremely sucky. I still think DNSSEC might help, though tbh I don't know anything about it and I'm grasping at straws. Cue someone clueful to say why DNSSEC is not the answer. ;)