On Wed, Apr 1, 2009 at 8:51 AM, Tim Starling <[email protected]> wrote: > Private keys can be compromised by anyone with a whim and a few > thousand dollars, either physically by compromise of the device, or > remotely by social engineering or zero-day exploit. Key signing > parties are premised on the idea that private keys are really private. > Since they aren't, the additional security of a real-life meeting is > somewhat farcical.
Moreover, what's to stop someone from showing up and claiming to be you? How are you going to confirm that -- by their telling you they're coming and what they look like, over the Internet? Why don't they just sign your keys over the Internet and skip the middle-man? Not to be negative or anything, sorry. (I'm not even going to be there.) _______________________________________________ foundation-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
