On 05 Mar 2006, at 18:26, Norman Rasmussen wrote:
> No, as I said: """as Michal pointed out any exchange of pgp/gpg keys in-band will be insecure. (e.g. using the same tcp connection). The keyservers are the 'right' place to store and get this information."""
Retrieving keys from a keyserver is equally insecure. I think there's a mixup between the issue of automatically exchanging keys, and actually asserting that the key is valid. The former requires no security at all and can therefore be automated; the latter requires extensive checking.
cheers, Remko
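
Added example, not part of the original message: a sketch of the split between fetching a key and validating it, where acceptance depends only on comparing the OpenPGP v4 fingerprint (RFC 4880, section 12.2) with one verified out of band. The key material, the channel names and the helpers `build_v4_rsa_packet`, `accept_key` and `demo` are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_v4_rsa_packet(n: int, e: int, created: int) -> bytes:
    """Constructed sample: old-format public-key packet (tag 6, 2-byte length)."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return bytes([0x99]) + struct.pack(">H", len(body)) + body

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99 || 2-byte length || key body, as hex."""
    if len(packet) < 4 or packet[0] != 0x99:
        raise ValueError("expected old-format public-key packet with 2-byte length")
    (length,) = struct.unpack(">H", packet[1:3])
    body = packet[3:3 + length]
    if len(body) != length or not body or body[0] != 4:
        raise ValueError("truncated packet or not a v4 key")
    return hashlib.sha1(b"\x99" + packet[1:3] + body).hexdigest().upper()

def accept_key(packet: bytes, verified_fpr: str) -> bool:
    """Validation step: the result is independent of how the packet arrived."""
    try:
        got = v4_fingerprint(packet)
    except ValueError:
        return False
    return hmac.compare_digest(got, verified_fpr.replace(" ", "").upper())

# Constructed sample keys (toy moduli, not real keys).
GENUINE = build_v4_rsa_packet(n=(1 << 127) - 1, e=65537, created=1141583160)
SUBSTITUTED = build_v4_rsa_packet(n=(1 << 89) - 1, e=65537, created=1141583160)
# Assumption: this fingerprint was confirmed with the key owner over a separate,
# trusted channel (for example in person).
VERIFIED_FPR = v4_fingerprint(GENUINE)

def demo() -> dict:
    # Retrieval is unauthenticated on either path; either one may hand back any key.
    fetched = {"in-band": GENUINE, "keyserver": SUBSTITUTED}
    return {channel: accept_key(pkt, VERIFIED_FPR) for channel, pkt in fetched.items()}

if __name__ == "__main__":
    for channel, ok in demo().items():
        print(f"{channel}: {'accepted' if ok else 'rejected'}")
```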
