[147640] in cryptography@c2.net mail archive

Re: [Cryptography] PGP Key Signing parties

daemon@ATHENA.MIT.EDU (Joe Abley)
Fri Oct 11 18:06:19 2013

X-Original-To: cryptography@metzdowd.com
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <CAK0b=2dRvw1K7oqgvsJjpopejUxHFQWLPmAECsDE-e-7208Egg@mail.gmail.com>
Date: Fri, 11 Oct 2013 14:08:23 -0400
To: tony.naggs@gmail.com
Cc: Phillip Hallam-Baker <hallam@gmail.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	John Gilmore <gnu@toad.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On 2013-10-11, at 07:03, Tony Naggs <tonynaggs@gmail.com> wrote:

> On 10 October 2013 22:31, John Gilmore <gnu@toad.com> wrote:
>>> Does PGP have any particular support for key signing parties built in or is
>>> this just something that has grown up as a practice of use?
>> 
>> It's just a practice.  I agree that building a small amount of automation
>> for key signing parties would improve the web of trust.
> 
> Do key signing parties even happen much anymore? The last time I saw
> one advertised was around PGP 2.6!

The most recent key signing party I attended was five days ago (DNS-OARC meeting in Phoenix, AZ). I commonly have half a dozen opportunities to participate in key signing parties during a typical year's travel schedule to workshops, conferences and other meetings. This is not uncommon in the circles I work in (netops, dnsops).

My habit before signing anything is generally at least to have had a conversation with someone, observed their interactions with people I do know (I generally have worked with other people at the party). I'll check government-issued IDs, but I'm aware that I am not an expert in counterfeit passports and I never feel that I am able to do a good job at it.

(I showed up to a key signing party at the IETF once with a New Zealand passport, a Canadian passport, a British passport, an expired Canadian permanent-resident card, three driving licences and a Canadian health card, and offered the bundle to anybody who cared to review them to make this easier for others. But that was mainly showing off.)

I have used key ceremonies to poison edges and nodes in the graph of trust following observations that particular individuals don't do a good enough job of this, or that (in some cases) they appear to have made signatures at an event where I was present and I know they were not. That's a useful adjunct to a key ceremony (I think) that many people ignore. The web of trust can also be a useful web of distrust.


Joe
