>Of course it does. I can upload a new and stronger key with keyid >johnl@xxxxxxxxx to the keyservers and now you cannot read any email people >send you that is automatically encrypted to a key you don't own. You can't >trust the keyservers for the binding between keyid and email address. I understand the argument for better keyservers, e.g., you have to click on a URL in a message encrypted to the key before they publish it. I don't understand the argument to replace it with something else with a whole new bunch of security and other issues. R's, John