On 04 Mar 2006, at 23:19, Michal Vaner (Vorner) wrote:
the point with PGP is that user checks and signs the key (if he
trusts it).
Therefore, key exchange can not happen automatically, since it
would break
one of the main idea of PGP, that user knows who he is encrypting to.
Key exchange and key signing are still different things. Before you
can start thinking about trust and signing, you still need to
exchange your keys, which might be automated by your jabber client
for more comfort. Of course, when using the key, your Jabber client
should tell you that your key has not been signed and/or isn't
trusted yet.
cheers,
Remko
