Digital Signing (Beat The Dead Horse) was Re: Free Software …

Author: Randy Kaelber
Date:  
Subject: Digital Signing (Beat The Dead Horse) was Re: Free Software for m$
Shawn Rutledge wrote:
>
> So what are the popular key servers? Is this free, and who pays for
> the bandwidth? Are they just web servers, or something else?


Essentially, yes. Here's the Google directory on some of the bigger
ones:

http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/PGP/Key_Servers/?tc=1


> How to configure mutt and gpg to use key servers? Will it cache them
> locally so I'm not going out to some server every time I read a signed
> email?


Once you bring down a key, it gets stored in your personal key ring, so
there's no need to keep accessing the net for them.

I use mutt and gpg at home, and the integration between the two is
really nice. Alas, it's been a long time since I got email from someone
for whom I don't already have a key, so I don't recall how well the key
management is integrated there (i.e. I get a signature from an unknown
sender, go out to a keyserver, get their public key). But signing
messages is really trivial.

>
> Where is the information about who has signed your key stored? On
> the key server, or is there something inherent in the key itself,
> that your identity has been verified?


Your public key itself has these digital signatures on it. The
decision whether a given key is "verified" is up to the person receiving
signed/encrypted files, however, based on how well they trust the sender
and those who have signed the sender's key.

-- 
Randy Kaelber                                       

Software Engineer  
Mars Space Flight Facility, Department of Geological Sciences
Arizona State University, Tempe, Arizona, USA