Comment subverts PGP security model (Score 1) 234
After verifying an email address I got this:
In other words: they expect you to trust them based on the X.509 certificate they present... I hope people realize that with the inclusion of dozens of CAs in common browsers etc. this totally subverts the idea of a web of trust. -HeinAfter downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.