> Now, each member of your organization doesn’t have to go track down everyone else’s public keys and make sure that they’re authentic. You don’t need to hold regular key signing parties (though I do recommend that the tech staff uses the authority key to sign each as they add it to the keylist in order to build an internal web of trust). The users don’t actually have to do anything — they just write encrypted emails to their colleagues, and it just works.<p>This is a huge improvement on the traditional OpenPGP user flow.