It is not on any "KeyServer"
I correct myself. The truth is that as far as I can recall I have never put it on any keyserver. What other people may have spidered and copied I can not control. I was under the impression that KeyServers were voluntary. I guess they're just a newer kind of insecurity.
Actually I've had two keys. A year or two ago I lost my private key and had to create a new key pair. I don't know whether the keyserver you listed has the old one or the new one. I hated to do that; my old PGP key pair predated the Internet. How did I distribute it? By hand.
The new one has more bits.
I guess that the number of bits you need in your key depends on how powreful computers are; I think my first key had only 256 bits which was safe from cracking back in 1992. Maybe we'll have to change all our keys every few years.
Later, you say "and the public key you get from my web site should confirm the signature."
In my defense I said "confirm the signature, not prove the signature. The public key on my web site confirms the source of the message matches the site, but it does not 'prove' anything.
Proof? Don't make me laugh. A few years ago I lost my passport and had to go to the U.S. Consulate in Vientiane to get a new one, so even my passport can be doubted. You could ask my mother or father to vouch for my name, but they're dead. If you want fun, search for "Andy Canfield" on Facebook; there are maybe a hundred of us scattered all over the planet.
But I can't trust your site, because it's not HTTPS (which isn't perfect, but is better.) You can get free SSL certs.
I will look into that; I could not get a free cert when I studied HTTPS a few years ago.
And I can't trust your key because it's not in the web of trust.
You could say that I have my own 'web of trust' which are people who have personally met me.
You want to join? If you ever come to Thailand say "Hello".
I could never trust any signed message to actually be for you, and I can't trust the information I have to encrypt something to you.
Wrong. You can retain a copy of my public key on your compter. Then you can trust any signed message from me to be from the same source as the previous signed message from me. Who is "me" is an unanswerable issue. You can use my public key to encrypt something to me, and be confident that only the guy with "my" private key can decode it. But once again, who is "me" is an unanswerable issue.
Thinking about it, I suggest the most confidence you can get is by sending me an e-mail arranging for a Skype call. Then in real time you can see my face, hear my voice, and I can show you my passport.
But I don't run Skype all the time.