On Sat, 2007-04-14 at 22:25 +0100, MJ Ray wrote:
Paweł Madej nysander@quanteam.pl wrote: [...]
so my question is if the is any reason why some of you do not publish public keys to some keyserver for example pgp.mit.edu or any other
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something close to that) is better than most, but it's still more reliable to put it on your web page or in a human-maintained keyring.
I agree with you about reliability, but it does suck a bit for searching - if you just wanted to search for the GPG key for a given e-mail address, you'd probably have trouble. You end up having to try to find the person's web page, and then seeing if their key is obviously linked.
What has surprised me is that none of the web meta-data people have taken this challenge on. It seems utterly obvious, to me, that this is prime fodder for Friend-of-a-Friend (FOAF), but they don't seem to have done much: in fact, they support signing FOAF descriptions, but not specifying keys / key ids - you still have to look keys up in key servers.
I realise there's an issue with people pretending to be people they're not, but it doesn't seem to be anything different to key servers except people trust key servers more often.
FOAF would also have the advantage of being able to publish keyrings with good structured meta-data, taking advantage of everyone on the keyring being able to publish the data too.
Cheers,
Alex.