Hello!

Sorry, this is not quite the right place, but as I previously got good answers about the PGP servers from you guys, I thought that maybe somebody could help me again. (Plus I tried to subscribe to the PGP mailing list, but either it's down, as nothing happened, or completely gone, as the website was not found...)

OK, rolling out PGP at a small company. This is what I'm thinking.

1) Master signing key that is used to sign every key
- Not uploaded to keyservers, just on the https-page with fingerprints and all
- No encryption key
- No email
- My key added as revocation key
Q: Should I sign this?
Q: If the https-page is not available (from our IT), should I then sign this (my key will be uploaded to the key servers)?
Q: Should the global revocation key be added also?

2) Global revocation key (only use is to revoke other keys)
- Signed by the master key
Q: Does this need the encryption key, or should I delete it also?
Q: If it needs one, then does it need an email address also?
Q: Should this be uploaded to the key server?

3) ADK
- Not uploaded to keyservers
- Signed by the master key
- AFAIK, needs an encryption key and therefore an email address?
- Will be split later on (when I learn that stuff)

4) Individual email keys
- Global revocation key as the revoking key
- ADK added as the ADK key
- Signed by the master key
- Added to the key servers

How does this sound?

--
HG.