On 2013-10-11, at 07:03, Tony Naggs tonyna...@gmail.com wrote:
On 10 October 2013 22:31, John Gilmore g...@toad.com wrote:
Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?
It's just a practice. I agree that building a small amount of automation
for key signing parties would improve the web of trust.
Do key signing parties even happen much anymore? The last time I saw
one advertised was around PGP 2.6!
The most recent key signing party I attended was five days ago (DNS-OARC
meeting in Phoenix, AZ). I commonly have half a dozen opportunities to
participate in key signing parties during a typical year's travel schedule to
workshops, conferences and other meetings. This is not uncommon in the circles
I work in (netops, dnsops).
My habit before signing anything is generally at least to have had a
conversation with someone, observed their interactions with people I do know (I
generally have worked with other people at the party). I'll check
government-issued IDs, but I'm aware that I am not an expert in counterfeit
passports and I never feel like that I am able to do a good job at it.
(I showed up to a key signing party at the IETF once with a New Zealand
passport, a Canadian passport, a British passport, an expired Canadian
permanent-resident card, three driving licences and a Canadian health card, and
offered the bundle to anybody who cared to review them to make this easier for
others. But that was mainly showing off.)
I have used key ceremonies to poison edges and nodes in the graph of trust
following observations that particular individuals don't do a good enough job
of this, or that (in some cases) they appear to have made signatures at an
event where I was present and I know they were not. That's a useful adjunct to
a key ceremony (I think) that many people ignore. The web of trust can also be
a useful web of distrust.
Joe
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography