on crack with their Global Directory.
1 minute read

So, I guess more or less “everybody” has gotten a mail from asking them to verify it so it can be included in their Global Directory. (Which I guess is just a glorified, web-based keyserver which spams you every six months.) However, I decided to actually click the verify link, and was very much surprised with the directions on the page after the confirm page:

To ensure that your PGP software trusts keys verified by this directory, you must download and trust this directory’s Verification Key.

Download the Verification Key

After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.

What? They want me to mark a random key downloaded off some random web page as trusted and sign it? I wonder what crack they have been smoking.

Back to posts