On Wed, 2007-05-09 at 13:51 +0100, Philip Hands wrote: > perhaps all you need to do is to > make sure that the better connected people in the web-of-trust are evenly > distributed through the line, and then only bother doing the rotation as > many times as it takes for someone to get from one well signed person to > the next -- that is liable to get everyone within about one trust hop of > where they would get if the keysigning continued to the bitter end, so > would be equivalent to having a keysigning key that all attendees signed > and that signed all keys, without the single point of compromise.
> The reason people get laxer as such events go on is that they are aware > that the person's ID has already been checked by an increasing number of > people, so perhaps we should just curtail the whole thing after about 10 ID > checks, or make it clear that after about the 10th check, it's perfectly > acceptable to wander off. Well, I *think* this is pretty much what is being suggested for this year, although I'm not sure. Certainly it's the kind of approach I was arguing to anibal/Ganneff should be taken this year. The "groups" thing can be viewed as a way of working out the ordering to ensure that, as you say, "better connected people in the web-of-trust are evenly distributed". The advantage of physically standing in separated groups is the physical one that delays don't propagate as badly. (Though if you just say "continue until you're tired", I suspect a lot of people will actually continue a while after that, when they've already stopped paying attention to what they're doing; it would be more responsible behaviour, as people who want to keep Debian signatures trustworthy, to try to make sure people do stop *before* there's a danger they stop paying attention.) Re denouncing keys, note that it *is* valid for people to have different standards. e.g. I won't sign on the basis of random driving licences I don't recognise, or some ID document with handwritten details and a glued-on photo, and don't think others should either -- but someone from the same country with a good knowledge of the documents might know enough to judge those kinds of documents. And I won't sign if the person looks nothing like the photo they're waving at me, but that's obviously a personal judgement. -- Moray _______________________________________________ Debconf-discuss mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-discuss
