Got confirming email from key owner

Approaching this as an education problem only really works if people want to understand what’s going on; I’m not sure how true that is in most cases.

Every time I’ve had to lead someone through this, it has been a very individual process. In this case, of course, there’s the additional problem of knowing nothing about the site they are using. I’d just suggest sending Scott’s snippet and see if that’s enough.

Yeah, I completely agree but I also (as somebody that has no personal web site) wouldn’t know what to do with that. I don’t have a great answer to that. I’m sure I may get myself a page somebody when I retire and need a professional presence online, but I wouldn’t do it just to post a key either.

My approach to this has always been that a key is an individual thing. So in his case he should put the key on his personal web site (not the site for the aggregation). If I used my key for things other than Shibboleth stuff I’d make sure it was available somewhere personal to me (or more likely use a different one).

I did once get a snooty mail back saying “Yea that’s my key, but support questions should go to this google group”. but that's an outlier. If someone asked me where my sig was I’d point to it (because it’s my email in the key, not some “singerdaemon@shibboleth.net” email)

My over all feeling is that people need educated. They follow a recipe because otherwise they cannot get their job done, but they don’t understand the why. But I am not sure how much time we have for education - I just note that this is far from the first time I’ve been asked the question

Looks like that’s some kind of weird aggregation site though. I don’t know how one would manage to get their key posted there.