Re: [tor-relays] how to distribute pgp public key?

Subject: Re: [tor-relays] how to distribute pgp public key?

From: Univibe <univibe@xxxxxxxxxxxxxx>

Date: Wed, 07 Dec 2016 14:40:38 -0500

Delivery-date: Wed, 07 Dec 2016 14:41:04 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1481139638; bh=YLLiMnc78yYlWGXQdn+AvdFKvYY84MiNMcX5xpHRZhw=; h=Date:To:From:Reply-To:Subject:In-Reply-To:References:Feedback-ID: From; b=Xqtm1vrlXIwDRrCZSkGwwYaDqkMcl1U17/4gpAUSmcFC9J9hIxXhpisH4oMnjCQv/ iugWi36LtP8KHlF4/HhowPXX5oxxhSZ/5B2R9PqY6UkiN4LJMiYmuak3aOkjZU/i58 4XLLqooWxxkS/eHqtJqIucmrES3x7u1hlDlBRV/M=

Feedback-id: jLH1UD6phHJTsVuXfz7EXzEbHHd_pZrJO702Qe9uDikB5Cr2imFSwq5pYP7clPygZuIPvpsm0ikLK5vCh7x4lQ==:Ext:ProtonMail

In-reply-to: <CA+VFULoKMmFLzJ5bFNre25jhgY6LrAi4KkUwfkK4gz839GT4hQ@mail.gmail.com>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <8VZZzcWoBBzx69PLKPYUGEQ9Yw-i4KVslN4FRQyBNlc3mY_RiMkH6DXT_WbXd9DIvia83puCIpO5SFMemM7BfpF99t7fYzdTqvQbtRMlYt4=@protonmail.com> <CA+VFULoKMmFLzJ5bFNre25jhgY6LrAi4KkUwfkK4gz839GT4hQ@mail.gmail.com>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

>> I had a thought to publish it on my relay's DirPort (using DirPortFrontPage

>> and a simple html doc containing the public key). Then I could just provide a

>> link to the DirPort in ContactInfo.

> It's better to just use a fingerprint. I don't know how efficient or useful

> that would be. It is also not necessary.

Okay. Thanks Jason for your reply. I was just thinking about how PGP key exchange seems to frustrate most people and wondering if it would make sense to skip the middleman (keyservers) in this case. Having the public key published directly by the relay establishes trust. There would be no question that the PGP key belongs to the relay operator. However since it's an odd implementation, it might just add confusion instead of making things easier. It sounds like the convention is to just list your fingerprint, so I'll do that. Thanks!

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays