On 2013-08-25 16:29:42 -0400 (-0400), Perry E. Metzger wrote:
> If I meet someone at a reception at a security conference, they might
> scrawl their email address ("al...@example.org") for me on a cocktail
> napkin.
> I'd like to be able to then write to them, say to discuss their
> exciting new work on evading censorship of mass releases of stolen
> government documents using genetically engineered fungal spores to
> disseminate the information in the atmosphere worldwide.
> However, in our new "everything is always encrypted" world, I'll be
> needing their encryption key, and no one can remember something as
> long as that.
> So, how do I translate "al...@example.org" into a key?
> Now, the PGP web-of-trust model, which I think is broken, would have
> said "check a key server, see if there's a reasonable trust path
> between you and Alice."

At free software conferences, where there is heavy community
penetration for OpenPGP already, it is common for many of us to
bring business cards (or even just slips of paper) with our name,
E-mail address and 160-bit key fingerprint. Useful not only for key
signing (when accompanied by photo identification), but also simply
allows someone to retrieve your key from a public keyserver and
confirm the fingerprint matches the one you handed them.
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }
The cryptography mailing list

Reply via email to