-----BEGIN PGP SIGNED MESSAGE----- Matt Blaze, quoting Greg Morgan, wrote:
Doesn't having some kind of central record of keys go against the principle of PGP?
The only "principle" of which I'm aware (and particularly interested in supporting) is that of having widely fielded, useful and strong privacy and authentication tools that work properly and transparently.
I think the centralization/decentralization confusion comes from PGP's decentralized approach to key generation and authentication, which has been hailed as a good thing. As long as folks can generate their own keys, sign their friends' keys, and upload their keys to servers at their own discretion, I can't see what would make a centralized or standardized distribution method harmful. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLzv7I33YhjZY3fMNAQGVbAP/Sm8rXLFDXU4te0mBEhmi6CaAbvHTPqRZ kce6+auO1T/3ypEi0c0D2QCJ7mS3Xx/g/n42mHhJHzt5ClhuHlhDRyjOV2rGBpWX OElxuVFpcSIlUnnQ2cvju9k8cDtHnXN+crmmjUXxvqmUB371eyOZ6E140nxfxo2/ JqWBXLFPvpI= =AL3C -----END PGP SIGNATURE-----