ietf
[Top] [All Lists]

Re: pgp signing in van

2013-09-06 17:43:15


On 9/6/2013 10:17 AM, Michael Richardson wrote:

I will be happy to participate in a pgp signing party.
Organized or not.

I suggest that an appropriate venue is during the last 15 minutes of the
newcomer welcome and the first 15 minutes of the welcome reception.

Because:
   1) the WG-chairs and IESG will all be there, and a web of trust
      still needs some significant good connectivity, and we already
      know each other rather well, without needing "ID"
      (I am not interested myself in verifying anyone's NSA^WGovernment
      identity. I don't trust that Certification Authority...)

   2) getting newbies on-board, meeting them well enough to sign
      their key seems like a good thing.

And whose key would you sign? Anyone who showed up with a form of ID?

I've noted elsewhere that the current typical key-signing party methods are very weak. You should sign only the keys of those who you know well enough to claim you can attest to their identity.

If that's the case, how will this get newbies on-board except to invite them to have keys whose signatures aren't relevant, and to devalue the trust in WG-chairs and IESG members?

Joe

<Prev in Thread] Current Thread [Next in Thread>