DaB. wrote: > Hello all, > > I think that when such a number of people come together it would be nice to > have a key-signing in Berlin. If you have no idea, what a key-signing is, > look > at the wikipedia-article [[en:Key_signing_party]].
Private keys can be compromised by anyone with a whim and a few thousand dollars, either physically by compromise of the device, or remotely by social engineering or zero-day exploit. Key signing parties are premised on the idea that private keys are really private. Since they aren't, the additional security of a real-life meeting is somewhat farcical. Maybe in the crypto-anarchist fantasy future, filled with hostile corporations and goverments, it would make sense. But in the real world, I think the SSL hierarchy provides a better model. It has a central authority with some competence in identity verification and security, which can issue a revocation certificate even if someone burns your house down. And you can verify the authenticity of a public key even if you don't have any friends. My vote is for a Guitar Hero party instead. -- Tim Starling _______________________________________________ foundation-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
