Shawn Rutledge wrote: > > So what are the popular key servers? Is this free, and who pays for > the bandwidth? Are they just web servers, or something else? Essentially, yes. Here's the Google directory on some of the bigger ones: http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/PGP/Key_Servers/?tc=1 > How to configure mutt and gpg to use key servers? Will it cache them > locally so I'm not going out to some server every time I read a signed > email? Once you bring down a key, it gets stored in your personal key reing, so there's no need to keep accessing the net for them. I use mutt and gpg at home, and the integration between the two is really nice. Alas, it's been a long time since I got email from someone whom I don't already have a key, so I don't recall how well the key management is integrated there (i.e. I get a signature from an unknown sender, go out to a keyserver, get their public key). But signing messages is really trivial. > > Where is the information about who has signed your key stored? On > the key server, or is there something inherent in the key itself, > that your identity has been verified? Your public key itself has these digital signatures on them. The decision whether a given key is "verified" is up to the person receiving signed/encrypted files, however, based on how well they trust the sender and those who have signed the sender's key. -- Randy Kaelber Randy.Kaelber@asu.edu Software Engineer Mars Space Flight Facility, Department of Geological Sciences Arizona State University, Tempe, Arizona, USA