> I assume that people more knowledgeable than I will critique this, but > this works for me...
I don't know if I'm more knowledgeable, but I have in the past volunteered to set up a centrally organized keysigning party at Apachecon, and still intend to do so if the planners will have me... Note that this centrally organized keysigning does not in any way monopolize the signing of keys: people are welcome, and in fact encouraged, to sign each others' keys on an individual basis. The event will merely aim to streamline the identification process. > 4) you should have printed up a few dozen scraps of paper with your > key's fingerprint on it. Having that fingerprint on your business card is a great thing if you can hack it. > When you encounter folks who might sign your key offer them the scrap > of paper with your finger print on it and ask for one in return. > Always ask to see some official (picture, goverment, etc) ID. You > might be tempted to ask for official ID only when your less than > absolutely certain that you know who your dealing with. By always > asking you both set a good precedent and you don't have to be admit > when you are or entirely aren't certain about somebody's identity. > That can be embarrassing. I do not see why we should trust the government to say who we are, but they frequently claim they can. In fact, this document contradicts itself; see below. > Later, but soon, you should: (a) find their key, (b) sign it and (c) > upload the result back to the key server you down loaded it from in > step (a). Your done, your cool. With luck they will get around to > signing your key at some point too. I actually advocate mailing the signed key back to its owner. This action may just prod the owner into returning the favour. The owner can then choose to upload their key with your (and perhaps other) new signatures on it. > Signing a key does not indicate that you "trust" the person. It only > indicates that you believe that key is associated with the correct > person. In fact it's valuable to the whole network of signatures if > you sign the keys of members of other communities. So signing the keys > of near strangers is a good thing. Just be confident of their identity. Why would we have to be confident of their identity? Immediately above, you just say that "you believe that key is associated with the correct person". So we vouch for the connection between that particular carbon-based lifeform and said key. Why would we care who the state or country that they come from says they are? S. (thinks he's not paranoid enough) -- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
