1Oca
How secure are the GPG/PGP keyservers?
Importing a GPG key with a KeyID or fingerprint seems to rely on keyservers. Doesn't this invite man-in-the-middle attacks, in which someone would alter the keys to allow them to decrypt the data? What measures are in place to prevent this, and what alternatives are there to using a keyserver to and a key to a keyring with only a KeyID or fingerprint?
Side question: are the private keys uploaded along with the public keys?
