> Is PGP still an OK way to encrypt a document to send
> securely as an attachment via email?
we use it
> Is there a "phonebook" of trustworthy PGP public keys?
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
is my fave. half-assed baroque doc at
https://git.rg.net/randy/randy/src/master/pgp-WKD.md
but i suggest https://wiki.gnupg.org/WKDHosting
then there are the public keyrings. a priori they are not at all safe.
but if you can confirm signatures on keys there, ... welcome to the web
of trust.
the key repos suck. the classics, pool.sks-keyservers.net, are pretty
rotten, broken much of the time. pgp.uni-mainz.de is more reliable than
most of that set.
the new hipster rings, hkps://keys.openpgp.org, also suck, just
differently.
randy
---
ra...@psg.com
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
signatures are back, thanks to dmarc header butchery
