The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Поиск:  Каталог документации | Безопасность, защита информации Frequently Asked Questions

This article explains how to distribute public encryption keys through the newsgroup
Archive-Name: computer-security/keydist-faq
Posting-Frequency: monthly (28th of every month)
Last-Modified: 30 March 1999
Alt-security-keydist-archive-name: faq
Demon-security-keys-archive-name: alt-security-keydist-faq


Subject: Introduction

This is a list of Frequently Asked Questions (and answers) for the
unmoderated newsgroup  It explains the purpose of the
newsgroup and how to efficiently distribute public encryption keys using  It is a very short FAQ.

This FAQ assumes you have a basic working knowledge of your chosen
encryption software.  If you need more information about particular
software, please try the resources listed at the end of this FAQ.


Subject: Contents of this FAQ.

1. Introduction
2. Contents of this FAQ.
3. What is this newsgroup for?
4. Why not just use a keyserver?
5. How do I post my key to
6. Should I post my key to other newsgroups?
7. Further information about specific PKE software.


Subject: What is this newsgroup for?

This is the charter from Jonathan Haas' original newgroup message, posted
28 February 1993:

> For your newsgroups file:
>    Exchange of keys for public key encryption systems
> This group is for people who use public key encryption systems such as
> PGP or RIPEM to have a place to exchange public keys.

Jonathan's entire control message is archived at


Subject: Why not just use a keyserver?

Although I'm sure many people have many different reasons for using this
newsgroup, I see two major ones:

First, there are several public key encryption (PKE) systems, including
RIPEM and SIFR, that do not have practical keyservers online.   A newsgroup
can serve as a de facto keyserver for users of such systems.

Second, even for PKE systems with established keyservers (i.e. PGP), provides "another channel of distribution".  Many PGP
users attempt to distribute their public keys through as many protocols as
possible.  Such users often have their keys available in such diverse
locations as keyservers (distribution by e-mail), in .plan files
(distribution by finger), on web pages (distribution by http), and in ftp
archives. is another protocol for redundant key
distribution, distribution by netnews.

(This FAQ's author currently distributes his PGP public key by finger, by
web, by keyserver, and by newsgroup.  At times, he's also distributed it by
Fidonet echomail and CompuServe file library.  This FAQ's author is prone
to overkill.)


Subject: How do I post my key to

Whatever PKE software you're using must be able to extract your public key
to a '7-bit', 'flat ascii', or 'plaintext' file.  (The PGP command for this
is "pgp -kxa userid".  PEM, RIPEM, and S/MIME always store keys in 7-bit
format.  The SIFR command is "sifr -x sendername".)  Once you've extracted
your key, start an article to, import the keyfile into
your article, and post it.

Your subject line should state which PKE software you're posting a key for,
and the e-mail address the key is for.  I also recommend redirecting
followups to e-mail with a "Followup-To: poster" header, because really isn't a discussion group.

You should repost your public key whenever it changes (i.e., you change
your e-mail address, add a certification, or revoke the key).  Given the
ephemeral nature of netnews articles, periodically reposting unchanged keys
is not unheard of.  Users who expect to repost keys often should consider
adding "Expires:" and "Supersedes:" headers to their posts.  The
documentation for your newsreading software should explain these headers.

MIME-educated PGP-users should use "Content-Type: application/pgp-keys" for
posted public keys.  See <URL:> for
details of the MIME/PGP standard.

By the way, don't clear-sign your PGP keys!  That just makes it harder for
people to add your key to their keyring.  (Think about it:  How do people 
verify the signature if they don't yet have the key on their keyring?)


Subject: Should I post my key to other newsgroups?

If you mean "Should I post my key to other* or* newsgroups?", the answer is a definite "No".  Those groups
are discussion and/or announcement groups, and public keys don't count,
unless they're *very* important keys (such as a timestamp server's).

There are, however, at least 9 other key-distribution newsgroups located in
smaller news hierarchies.  You might want to crosspost your public keys to
one of these newsgroups:

The newsgroup is part of the internal hierarchy for
Demon Internet (an internet service provider in the United Kingdom), but
has much wider distribution.  Recommended for PKE-users in the UK.

The newsgroup fidonet.pkey_drop is a gated version of the Fidonet backbone

The newsgroups t-netz.pgp.schluessel, z-netz.alt.pgp.schluessel, 
domino.pgp.schluessel, and waros.pgp.schluessel are for distributing PGP
keys only, and are part of German-language news hierarchies ("schluessel"
means "keys").

I have no information about the newsgroups city-net.diverses.pgp-keys,
hothouse.lokal.pgp-keys, and, beyond
what's revealed in the newsgroup names.  They are probably all ISP-local


Subject:  Further information about specific PKE software.

For more information about PGP, see <URL:> and/or the
the newsgroup

For more information about RIPEM, see
<URL:> and/or the newsgroup

For more information about PEM and S/MIME, see <URL:>.

Content-Type: application/pgp-signature

Version: 2.6.2



Inferno Solutions
Hosting by

Закладки на сайте
Проследить за страницей
Created 1996-2022 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру