One of the major features of PGP is that you don't have to rely on -- trust -- a "verified central listing service".
The "Web of Trust" [0] fills that role:
> As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.
In practice a web of trust is only trustworthy 1 degree out from you. Just because you trust someone doesn't mean you should trust the people they trust. The web of trust is a difficult to use misfeature. In theory it's great. In practice it's unusable.
One of the major features of PGP is that you don't have to rely on -- trust -- a "verified central listing service".
The "Web of Trust" [0] fills that role:
> As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.
[0]: https://en.wikipedia.org/wiki/Web_of_trust
In practice a web of trust is only trustworthy 1 degree out from you. Just because you trust someone doesn't mean you should trust the people they trust. The web of trust is a difficult to use misfeature. In theory it's great. In practice it's unusable.
The problem is nobody uses this right
If you control your own domain, Web Key Directory [0] is a good option too.
[0]: https://wiki.gnupg.org/WKD
You can put it on your website or anywhere really. Some people use keybase.io for this.
You can't put it anywhere really, otherwise anyone could tie their key to your identity. Keybase.io is a good solution.
You're technically correct of course.
I guess they mean putting the key on a webpage or using Web Key Directory or a centralized service such as https://keys.openpgp.org
There used to be a bunch of those in the 90s and it was a mess.