howdy friends --
Those of us working on the ZTRUST project would benefit from a growing Z
community "web of trust".
If any of you at SHARE this week have your own PGP key pair, look for
opportunities to do in-person key exchange.
The in-person part should involve a printed copy of your key
fingerprint(s). We're talking paper. You'll exchange the electronic copy
of their public key via other means. (Keep it simple. Email is one way.)
But have the printed form so that the other party can be sure they got
your actual fingerprint and not something doctored by a
man-in-the-middle. (Paper is good for that, even in 2026.)
When you learn that a colleague at the conference also does PGP, give
them your printed fingerprint sheet. (Could be something like a business
card. Remember those?) If you don't know the other person well, ask for
a government-issued photo ID. (This is *not* rude. It's completely
appropriate. It's okay even if you DO know them well.)
Later, back at your hotel room with your own laptop, get their key
(electronic form), confirm the fingerprint, sign their key, extract it,
and return it to them. (Keep it simple. Email is one way. Is there an
echo in here?)
In years past, we would have a "PGP key signing party" to do all of
this. It's loads of fun for cryptography nerds, but kinda time consuming
when you've got like 87 other sessions to attend.
The purpose of the ZTRUST project is to establish a _trust anchor for
the Z community_. This is especially vital in the current climate of
code signing concerns. PGP keys form the basis of peer-to-peer trust. We
can cryptographically sign deliverables with recognized PGP keys. We can
also sign PKI root certificates in support of the PKI-means of code
signing. The whole thing provides assurance of veracity of those wares
which are provided by volunteer contributors (CBT tape, VM Workshop
tape, and countless more).
--
-- R; <><
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
