> And by that changing the distributed system of keyservers into a
> centralized key database like PGP tried this with their Universal
> Server. Which unavoidably will change OpenPGP to a centralized system.

I think that's a little excessive, Werner. OpenPGP was always intended to be flexible on the subject of certificate distribution, and there are many use cases where a single authoritative keyserver is preferred over a distributed federation.

In 2001 I was the chief system administrator for a law firm which used OpenPGP to secure client communications. (It didn't require clients to use OpenPGP but provided it as an option for clients who were concerned about email privacy.) The procedure was simple: when you opted into OpenPGP you showed up at your attorney's office in person with your certificate burned on a CD. Your attorney then called in a member of the sysadmin staff (usually me) who would check fingerprints with you, before signing it with the firm's trusted-introducer key and uploading it to the firm's own keyserver.

Doing it this way meant we could skip long conversations about, "but can't anybody get my certificate if it's on the internet?" Instead of spending 30 minutes talking about why it's okay if public certificates are shared, we could instead just say "we're not going to share your public key with anyone without your written consent" and spend those 30 minutes talking about more productive things.

Centralized key management schemes are sometimes very useful.