On 9/23/2015 3:00 PM, Sam Hartman wrote: > Yeah, but I believe for most users the only reasonable default for > things you get from the key servers is don't trust without additional > evidence. I'm confused by this thread. I thought that the /essence/ of the PGP model was that the key servers were merely convenient locations but /not/ 'trusted' locations. That is, all the validation and trust are based on object-related data and not location-related. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net