Does PGP have any particular support for key signing parties built in or is this just something that has grown up as a practice of use?

I am looking at different options for building a PKI for securing personal communications and it seems to me that the Key Party model could be improved on if there were some tweaks so that key party signing events were a distinct part of the model.

I am specifically thinking of ways that key signing parties might be made scalable so that it was possible for hundreds of thousands of people to participate in an event and there were specific controls to ensure that the use of the key party key was strictly bounded in space and time.

So for example, it costs $2K to go to RSA. So if there is a key signing event associated that requires someone to be physically present then that is a $2K cost factor that we can leverage right there.

Now we can all imagine ways in which folk on this list could avoid or evade such controls but they all have costs. I think it rather unlikely that any of you would want to be attempting to impersonate me at multiple cons.

If there is a CT infrastructure then we can ensure that the use of the key party key is strictly limited to that one event and that even if the key is not somehow destroyed after use that it is not going to be trusted.

--
Website: http://hallambaker.com/
_______________________________________________
The cryptography mailing list
email@example.com
http://www.metzdowd.com/mailman/listinfo/cryptography
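
As an added illustration of the log-based bound described in the message above (not code from the post or from any PGP or CT implementation): a relying party accepts a key-party certification only if it carries an RFC 6962-style Merkle inclusion proof and its log timestamp falls inside the event window. The entry format, field names, event record and sample log are assumptions constructed for this example, and checking the OpenPGP signature and the log's signed tree head is assumed to happen elsewhere.

```python
import hashlib, json

def _h(b): return hashlib.sha256(b).digest()
def leaf_hash(entry): return _h(b"\x00" + entry)      # RFC 6962 leaf prefix
def node_hash(l, r): return _h(b"\x01" + l + r)       # RFC 6962 node prefix

def _split(n):                    # largest power of two strictly below n
    k = 1
    while k * 2 < n: k *= 2
    return k

def root(leaves):                 # Merkle tree hash over raw log entries
    if len(leaves) == 1: return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def audit_path(leaves, m):        # log side: inclusion proof for leaf m
    if len(leaves) == 1: return []
    k = _split(len(leaves))
    if m < k: return audit_path(leaves[:k], m) + [root(leaves[k:])]
    return audit_path(leaves[k:], m - k) + [root(leaves[:k])]

def verify_inclusion(lh, index, size, path, expected_root):
    if index >= size: return False
    fn, sn, r = index, size - 1, lh
    for p in path:
        if sn == 0: return False
        if fn & 1 or fn == sn:    # current node is a right child
            r = node_hash(p, r)
            while fn and not fn & 1:
                fn >>= 1; sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1; sn >>= 1
    return sn == 0 and r == expected_root

def accept(entry, index, size, path, tree_root, event):
    # Trust only if: made with the event key, logged inside the window, in the log.
    e = json.loads(entry)
    return (e["signer"] == event["key_id"]
            and event["start"] <= e["logged_at"] <= event["end"]
            and verify_inclusion(leaf_hash(entry), index, size, path, tree_root))

# Constructed sample data (hypothetical event record and log entries).
EVENT = {"key_id": "party-key-1", "start": 1000, "end": 2000}
def _e(subject, t, signer="party-key-1"):
    return json.dumps({"signer": signer, "subject": subject, "logged_at": t}).encode()
LOG = [_e("alice", 1100), _e("bob", 1500), _e("carol", 1900),
       _e("mallory", 2500), _e("dave", 1200, "other-key")]  # late use; wrong key
ROOT = root(LOG)

def check(i):                     # relying-party decision for entry i of LOG
    return accept(LOG[i], i, len(LOG), audit_path(LOG, i), ROOT, EVENT)
```

The `logged_at` value is assumed to be assigned by the log, not by the holder of the key party key, which is what makes a certification produced after the event untrusted even if the key survives.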