by yakamok on 7/19/18, 8:42 AM with 4 comments
by znpy on 7/19/18, 9:08 AM
Why should anyone regret this?
Unrelated, but I have a friend that used to say that having your phone key on a keyserver and having signatures to such key on the same keyserver was a weakness because that reveals your web of trust.
If that is the argument coming up, I want to say the following: anyone believing that has completely missed the point of gpg, key signatures and web of trust.
First: trust level is not how much you trust someone. It is how much you trust that key actually belonging to the person claiming to be the owner.
Second: the web of trust is not about your friends circle. It is about finding a path from a key you trust to a key you are examining. To do the gpg/pgp thing right, you should really acquire as many signatures as possible.
All this is clearly explained in the GNU privacy manual and I really recommend that anyone read it. It's not very long and it's super useful.
-------
One last thing: I am not regretting uploading my key to a keyserver because the GNU privacy manual has explained to me how to handle my keys. In particular, I do not have multiple keys in my name lying around. My old key has been revoked and it is clear which key should be used to speak privately with me.
by 1996 on 7/19/18, 9:42 AM
Online, I suggest keeping identities separate for opsec. And add some randomization, things that are obviously wrong with some basic googling about you. Demographic details, for example.