From: shawnb <shawnb@ecst.csuchico.edu>
I'm pretty new to this mailing list, so something along these lines may have already been proposed, but I was considering the possibility of putting together a list of pgp public keys for distribution through this list. My own collection of keys is pretty small, and I would pernally like to expand this, but I think this would provide a great service to the group as well. Let me know what you all think.
I keep seeing people propose things like this, and I can't for the life of me understand why. The only way to know for sure that someone's key is theirs is a signature from a trusted introducer anyway, so people can just ask each other in clear for public keys and it doesn't do a lick of harm -- if they have a trusted signature, you can use their key for communication and if they don't, you have to find another way to verify the key. People making lists of keys and distributing them seems fairly useless to me. Can anyone tell me if I am being really really thick here? Perry