Jari Arkko wrote:
So, its the same old question once again: how do we all enroll
ourselves to the same trusted root or web of trust? Should the next
PGP key signing party be held in the plenary, for everyone? Or maybe
Harald stands in the IETF reception desk to look at people's
passports and certifies keys? Hmm... maybe we could make PGP key
mandatory in registration, and have the secretariat form a web of
trust. At least we could trace every key to a credit card number...
sounds pretty good but this wouldn't deal with the folks who don't
come to the meetings. Maybe we could turn on mandatory PGP signing
for all list e-mail for a year, and at the end of the year make a web
of trust for the folks who sent e-mail that year. That wouldn't be
perfect, but it would sure reduce the size of queue in front of
Harald for the passport check ;-)
Or maybe an IETF CA?
Alex
GBU