On Thu, Nov 06, 2003 at 08:49:05AM -0700, Kevin Rosenberg wrote:
I'd recommmend keymaster@cl.net and have a web page which describes the criteria for a key to be signed by the keymaster key. (I'd reserve you signing keys with your personal key for those owners with whom you meet in person and look at their photo id.
Ok. This makes more sense then admin as recipient. ;)
Alternately, you can do like Debian and create a keyring file which contains the public key which cl.net trusts and publish that file so that downloaders of cl.net files can verify the signature of that file against the keys that are in the trusted keyring file. Then, there is no need for cl.net to sign any keys.
I think the signing can be better for now at least: it creates more crypto-awareness in the community, and helps in kickstarting a web of trust. Or so I hope.
Cheers,
-- Nikodemus