Subject: alt.security.keydist Frequently Asked Questions
This article was archived around: 21 May 2006 04:23:54 GMT
Last-Modified: 23 December 2003
-----BEGIN PGP SIGNED MESSAGE-----
This is a list of Frequently Asked Questions (and answers) for the
unmoderated newsgroup alt.security.keydist. It explains the purpose of the
newsgroup and how to efficiently distribute public encryption keys using
alt.security.keydist. It is a very short FAQ.
This FAQ assumes you have a basic working knowledge of your chosen
encryption software. If you need more information about particular
software, please try the resources listed at the end of this FAQ.
Subject: Contents of this FAQ.
2. Contents of this FAQ.
3. What is this newsgroup for?
4. Why not just use a keyserver?
5. How do I post my key to alt.security.keydist?
6. Should I post my key to other newsgroups?
7. Further information about specific PKE software.
Subject: What is this newsgroup for?
This is the charter from Jonathan Haas's original newgroup message, posted
28 February 1993:
> For your newsgroups file:
> alt.security.keydist Exchange of keys for public key encryption systems
> This group is for people who use public key encryption systems such as
> PGP or RIPEM to have a place to exchange public keys.
Jonathan's entire control message is archived at
Subject: Why not just use a keyserver?
Although I'm sure many people have many different reasons for using this
newsgroup, there are two major ones:
First, there are several public key encryption (PKE) systems (such as
InvisiMail, Puffer, RIPEM, Vouch, and Sifr) that do not have keyserver
networks. A newsgroup can serve as a de facto keyserver for users of those
Second, even for PKE systems with established keyservers (i.e. PGP),
alt.security.keydist provides "another channel of distribution". Many PGP
users attempt to distribute their public keys through as many protocols as
possible. Such users often have their keys available in such diverse
locations as keyservers (distribution by e-mail and http), in .plan files
(distribution by finger), on web pages (distribution by http), and in ftp
archives. alt.security.keydist is another protocol for redundant key
distribution: distribution by netnews.
(This FAQ's author has, at various times, distributed his key by finger, by
web, by keyserver, by newsgroup, by Fidonet echomail and by CompuServe file
library. This FAQ's author is prone to overkill.)
Subject: How do I post my key to alt.security.keydist?
Whatever PKE software you're using must be able to extract your public key
to a '7-bit', 'flat ascii', or 'plaintext' file. (Most PKE programs now
export keys in text format by default.) Once you've extracted your key,
just start an article to alt.security.keydist, cut-and-paste the keyfile
into your article, and post it.
Your subject line should state what software you're posting a key for,
and the e-mail address the key is for. I also recommend redirecting
followups to e-mail with a "Followup-To: poster" header, because
alt.security.keydist really isn't a discussion group.
You should repost your public key whenever it changes (i.e., you change
your e-mail address, add a certification, or revoke the key). Given the
ephemeral nature of netnews articles, periodically reposting unchanged keys
is acceptable. Users who expect to repost keys often should consider
adding "Expires:" and/or "Supersedes:" headers to their posts. The
documentation for your newsreading software should explain these headers.
MIME-educated PGP-users (and GPG-users) may want to use "Content-Type:
application/pgp-keys" for posting public keys. (This will make it easier
for many PGP users to import your key, but it may prevent Google Groups
from archiving the post containing the key.) See RFC 3156 at
http://www.ietf.org/rfc/rfc3156.txt for a description of the PGP media
By the way, don't clear-sign the message containing your public key! That
just makes it harder for people to add your key to their keyrings (Think
about it: How do people verify the signature if they don't yet have the key
on their keyring?) and does not verify the integrity of your key.
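The posting steps above, assembled into one article, as an added example that is not part of the original FAQ. The function name, the example.invalid addresses, the constructed placeholder key and the refusal of private-key armor are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import format_datetime

PUB_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
PUB_END = "-----END PGP PUBLIC KEY BLOCK-----"
# Armor markers that must never appear in a key-distribution post.
FORBIDDEN = ("PRIVATE KEY BLOCK", "BEGIN PGP SIGNED MESSAGE")

# Constructed sample, not a real key: the body is placeholder text.
SAMPLE_KEY = "\n".join([PUB_BEGIN, "",
                        "(constructed placeholder, not key material)",
                        PUB_END])


def build_key_article(sender, key_email, armored_key, software="PGP",
                      expires=None, supersedes=None, use_mime=False):
    """Return the article text (headers, blank line, key) as one string."""
    key = armored_key.strip()
    for marker in FORBIDDEN:  # secret key export or clear-signed wrapper
        if marker in key:
            raise ValueError("refusing to post: found " + marker)
    if not (key.startswith(PUB_BEGIN) and key.endswith(PUB_END)):
        raise ValueError("not an ASCII-armored public key block")
    if not key.isascii():
        raise ValueError("key export must be 7-bit ASCII")

    headers = [
        ("From", sender),
        ("Newsgroups", "alt.security.keydist"),
        ("Subject", f"{software} public key for {key_email}"),
        ("Followup-To", "poster"),  # replies go to e-mail, not the group
    ]
    if expires is not None:  # timezone-aware UTC datetime
        headers.append(("Expires", format_datetime(expires, usegmt=True)))
    if supersedes:  # Message-ID of the article being replaced
        headers.append(("Supersedes", supersedes))
    if use_mime:  # RFC 3156 media type for key material
        headers += [("MIME-Version", "1.0"),
                    ("Content-Type", "application/pgp-keys")]
    for name, value in headers:
        if "\r" in value or "\n" in value:  # block header injection
            raise ValueError("line break in header " + name)
    head = "\n".join(f"{name}: {value}" for name, value in headers)
    return head + "\n\n" + key + "\n"
```

The returned string still has to be handed to a newsreader or posting agent, which adds its own headers such as Message-ID and Date.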
Subject: Should I post my key to other newsgroups?
If you mean "Should I post my key to other alt.security.* or
comp.security.* newsgroups?", the answer is a definite "No". Those groups
are discussion and/or announcement groups, and public keys don't count,
unless they're very important keys (such as keys belonging to a timestamp
server or certificate authority).
There are, however, at least 9 other key-distribution newsgroups located in
smaller news hierarchies. You might want to crosspost your public keys to
one of these newsgroups, or monitor them for new keys:
The newsgroup demon.security.keys is part of the internal hierarchy for
Demon Internet (an internet service provider in the United Kingdom), but
has much wider distribution. Recommended for PKE-users in the UK.
The newsgroup fidonet.pkey_drop is a (defunct?) gated version of the
Fidonet backbone echo PKEY_DROP. You cannot post to it from the netnews
The newsgroups t-netz.pgp.schluessel, z-netz.alt.pgp.schluessel,
domino.pgp.schluessel, and waros.pgp.schluessel are for distributing PGP
keys only, and are part of German-language news hierarchies ("schluessel"
I have no information about the newsgroups city-net.diverses.pgp-keys,
hothouse.lokal.pgp-keys, and real-net.computer.pgp.public_key, beyond
what's revealed in the newsgroup names. They are probably all ISP-local
Subject: Further information about specific PKE software.
GPG is available at http://www.gnupg.org/
PGP is available at http://www.pgp.com/ and http://www.pgpi.org/
Puffer is available from http://www.briggsoft.com/
RIPEM is available at http://www.cpsr.org/cpsr/privacy/crypto/tools/ripem/
InvisiMail and Sifr are apparently no longer available.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32) - WinPT 0.7.96rc1
-----END PGP SIGNATURE-----