I just installed GnuPG and set up a key pair, but I need to get some signatures on it. None of my small circle of friends at this point uses GPG; most of them don't see a need for it. But my key pair has very little value without any validation. I googled for a key party in Phoenix, but didn't get any helpful results. Additionally, should I upload my key to a key server? Am I risking having my email addresses harvested and spammed? Also, if I add additional emails/user IDs to my key, does that invalidate all the signatures up to that point? I used my primary address when creating the key, but I have a secondary address that I want to digitally sign. And I will be buying a domain and setting up a host somewhere, and will want to add my email address from that to my key as well. Am I better off creating more than one key? Does that make it more of a nuisance to have everyone sign 2+ keys? What're the (dis)advantages of using sub keys? Thanks!