[KLUG Members] gpg key signing party.

[Adam Tauno Williams]

> OK, I have my gpg key created and working.  I added a couple of my other
> emails to my key (adduid), but I'm undecided about which ones to add.
> This leaves me with some questions about wwwkeys.us.pgp.net.
> 1)  How spam proof is it?  Can spam bots harvest emails from it?

I suppose that they can.

> 2)  What if I upload my public key now, and change my mind later about
> my email addresses (I run adduid/deluid later).  I can I change my key
> on the server?  How?  Can I upload it again and overwrite it?

I'm not certain.  Do keys contain revision references?

> 3)  If I can change my key on the server, what keeps other people from
> changing my key?

You are uploading your public key,  it can't be generated without your
private key.  There is no reason to 'protect' the public key.  If it is
altered without the presence of the private key it will be invalid.

> All I see is the place to upload a key, but nothing on how to change or
> delete a key, nor any security on the key uploaded. I don't get it!  :-)

I don't know how modification works with regard to the key server.
Perhaps you just upload it again?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060220/d515dac1/attachment.bin