Ask HN: Who regrets uploading their pgp key to keyservers? - yakamok
======
znpy
Not me.

Why should anyone regret this?

Unrelated, but I have a friend that used to say that having your phone key on
a keyserver and having signatures to such key on the same keyserver was a
weakness because that reveals your web of trust.

If that is the argument coming up, I want to say the following: anyone
believing that has completely missed the point of gpg, key signatures and web
of trust.

First: trust level is not how much you trust someone. It is how much you trust
that key actually belonging to the person claiming to be the owner.

Second: the web of trust is not about your friends circle. Is about finding a
path from a key you trust to a key you are examining. To do the gpg/pgp thing
right, you should really acquire as many signatures as possible.

All this is clearly explained in the GNU privacy manual and I really recommend
anyone to read it. It's not very long and it's super useful.

\-------

One last thing: I am not regretting uploading my key to a keyserver because
the gnu privacy manual has explained me how to handle my keys. In particular,
I do not have multiple keys in my name laying around. My old key has been
revoked and it clear what key should be used to speak privately with me.

~~~
yakamok
might be worth reading this and a ton of other articles that make so many good
points why WoT is bad

[https://lists.torproject.org/pipermail/tor-
talk/2013-Septemb...](https://lists.torproject.org/pipermail/tor-
talk/2013-September/030235.html)

------
1996
I do for an old key. It revealed my connections and allowed people to
construct a network that could have been used against me. Like when I
negotiate, if they can see I know XX it may get me not so good terms.

Online, I suggest for opsec to be keeping identities separate. And add some
randomization, things that are obviously wrong with some basic googling about
you. Demographic details for example

~~~
yakamok
yeah i agree, if you use the key servers be careful with what info you use,
you dont have to add email addresses either.

