Stop using keyservers!

================
Keyservers are, well, what they're named; Keyservers.
Keyservers allow you to post your GPG keys in order to make it easy
to find your buddies GPG keys and communicate with them safely.
Here are some reasons I dislike keyservers
================

* Your key stays on a keyserver, good luck trying to take it off. A revocation
certificate is not sufficient. There is no delete keys. If you post a wrong key,
you're done for

* It's a cesspool for impersonators. You may never find out if the key you imported
was the real one.
|
|-> * Knowing this, if you search for RMS's key (rms@gnu.org) on a keyserver,
you'll find dozens of keys.

* Email clients do try to get comfortable with keyservers but it is not inituitive enough.

* The best way to obtain a GPG public key is to communicate directly 
with that person (either online or offline) using something other than e-mail and 
have them verify the fingerprint.

================

sincerely, arezg@razel

arezg@cock.li

Permitted under the MIT license

August 11, 2024