No more PGP keys without signatures, please!

John Gilmore gnu
Thu Dec 10 03:03:08 PST 1992


People continue to post PGP keys that are not vouched for by anyone.
E.g. none of the keys for remailers has any signatures.  This makes it
impossible to trust those remailers, since anyone could have generated
such a key and sent it through a remailer saying it was from someone
else.

If you put up a remailer service, sign its key with your personal key,
at least.  Preferably get a few other people to sign it (by showing them
that the key is really the one used in the remailer, in person).

If you generate a key for yourself, don't just post it -- take it to
a friend, and cross-sign each other's keys.  If you do that a few times,
then you can post it, and the recipients are likely to know one of those
friends, possibly trusting them to certify your key.

	John
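
An added illustration, not part of the original message: a recipient-side check that sorts posted keys into unsigned, signed only by strangers, or vouched for by a signer the recipient already knows. It assumes the colon-delimited listing that `gpg --list-sigs --with-colons` prints; the sample keyring, key IDs and function names are constructed for this example.

```python
# Constructed sample in the colon-delimited layout printed by
# `gpg --list-sigs --with-colons` (field 1 = record type, field 5 = key ID).
SAMPLE = """\
pub:-:2048:1:1111111111111111:1700000000:::-:::scESC:
uid:-::::1700000000::::Remailer A <a@example.invalid>:
sig:::1:1111111111111111:1700000000::::Remailer A <a@example.invalid>:13x:
pub:-:2048:1:2222222222222222:1700000000:::-:::scESC:
uid:-::::1700000000::::Remailer B <b@example.invalid>:
sig:::1:2222222222222222:1700000000::::Remailer B <b@example.invalid>:13x:
sig:::1:3333333333333333:1700000500::::Operator B <op@example.invalid>:10x:
pub:-:2048:1:4444444444444444:1700000000:::-:::scESC:
uid:-::::1700000000::::Alice <alice@example.invalid>:
sig:::1:4444444444444444:1700000000::::Alice <alice@example.invalid>:13x:
sig:::1:5555555555555555:1700000600::::Bob <bob@example.invalid>:10x:
sig:::1:6666666666666666:1700000700::::Carol <carol@example.invalid>:10x:
"""


def third_party_signers(listing):
    """Map each primary key ID to the set of key IDs that signed it.

    Self-signatures (signer ID equals the key's own ID) are excluded,
    because anyone who generates a key can produce those.
    """
    signers = {}
    current = None
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        if fields[0] == "pub":
            current = fields[4]
            signers[current] = set()
        elif fields[0] == "sig" and current and fields[4] != current:
            signers[current].add(fields[4])
    return signers


def classify(listing, known_signers):
    """Label each key by whether someone the recipient knows vouched for it."""
    report = {}
    for key_id, sigs in third_party_signers(listing).items():
        if not sigs:
            report[key_id] = "unsigned"
        elif sigs & set(known_signers):
            report[key_id] = "vouched"
        else:
            report[key_id] = "signed-by-strangers"
    return report
```

This only counts the signatures a listing claims; verifying them cryptographically is a separate step (`gpg --check-sigs`).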





