GPG testing...

[Mark Komarinski]

So some fsckwad is using my good name to send spam.  Either that, or
there's a new spam going around that just says 'fuck you'.

So, time to start signing with GPG so at least I know when I sent something,
and the rest of you do, too.  I've got mutt set up on my home machine and
have GPG set up with it, along with a key I've been tinkering around
with for a while.  But after getting all the documentation set for that,
I have a bunch of remaining questions that maybe you mutt/gpg users
can help out with:

1)  Can you read this?
2)  If you look at my public key, you'll see that it has three e-mail
addresses associated with it.  Is that the way to do it, or should I
have three separate keys?  On the one hand, this verifies that I am
who I say I am no matter what e-mail address I use.  On the other,
it triples the possibility of a key being compromised and increases
the maintenance (since I have to make sure I have the same private/public
key on three systems).
3)  To publish keys or not?  IIRC, I sent a key to pgp a while ago and
it's still there, but that was maybe 5 years ago.  I don't have any
of that key information anymore, let along a revocation key.  I'm a bit
smarter now, and have the revocation key for this printed and in a 
safe.
4)  Can mutt automagically get public keys when I don't have someone's
key, or is that a manual process?
5)  When I get my key signed by someone else, I have to re-export
my key, or rather, have anyone that already has my key re-fetch it?
6)  Anything I've missed?

-Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20021228/dc7f8470/attachment.bin