Re: certificate distribution

"grizdog@xxxxxxxxx" <grizdog@xxxxxxxxx> (07-02-16 21:41:11):

I don't want to give anyone else the PKCS12 file I created, since it
contains the private key, right? So can I just carry around a PEM
file, and then either my correspondent ought to be able to import it
directly into the mail client, or convert it into another format with
OpenSSL or some other tool?

Moreover, am I being hopelessly old-fashioned with this? Does the
future belong to Verisign and its friends, and not to someone carrying
around a certificate on his keychain? If I really needed security, of
course it wouldn't work, but I thought it might be fun to harness the
six degrees of separation phenomenon simply by trading keys. We could
all get business cards with our certificates contained in some sort of
RF or magnetic strip on them, and pass them around. Yes, of course I
see the problems with this, but it seemed like it might work for low-
stakes security.

You're taking a much too complicated approach. Why don't you just use
GnuPG and Enigmail for Thunderbird? This makes things simple.

To the actual problem: Keyservers and trustcenters are good methods to
distribute keys, if there aren't any other possibilities. Otherwise,
it's always best to give you keys away personally.


Regards,
E.S.
.