by kgo 3732 days ago
Anyone can create a random key with a random email. See all the president@whitehouse.gov addresses on the keyservers. So if they used the keyserver network I could just make a fake key for anyone I want to impersonate and upload it. GitHub has no way to authenticate which keys are good and bad if they only use the keyserver network. So they have you upload the key on their site to implicitly authorize the key as one that you (the person with the GitHub account, or at least its password) consider valid.

http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=p...

1 comments

> GitHub has no way to authenticate which keys are good and bad if they only use the keyserver network. So they have you upload the key on their site to implicitly authorize the key as one that you (the person with the GitHub account, or at least its password) consider valid.

Yes they do. It's called "the web of trust" and has existed for quite a long time.