[spam][joke][cryptotragedy] checking signatures on boot media
grarpamp
grarpamp at gmail.com
Wed Nov 3 15:41:47 PDT 2021
The spam attacks don't prevent using keys obtained
from keyservers, it only reinforces the old facts... that
you must verify the key's WoT or fingerprint-to-origin
to your satisfaction before using it.
You can still get keys from the various now balkanized
keyserver communities, some implementations suck
for search and using multiple keys.
You can run keyservers for some of them in coordination
with their comms channels.
https://github.com/hockeypuck/hockeypuck
https://github.com/sks-keyserver/sks-keyserver
https://gitlab.com/hagrid-keyserver/hagrid
And use keys with standard things...
https://www.openpgp.org/
And also use more simplistic and functional things like...
https://github.com/filosottile/age
that are alternatives to the traditional standard tool of...
https://gnupg.org/
Lots of new groups are integrating pgp into new things...
https://sequoia-pgp.org/projects/
But there's probably some awesome lists that aggregate
more of those new groups and integrations for reference.
More information about the cypherpunks
mailing list