Re: [Cryptography] PGP Key Signing parties

2013-10-12 Thread Joshua Marpet
I am one of the organizers of Security BSides Delaware, otherwise known as BSidesDE. We have already discussed having a key signing party, but if there is any interest, I'd love for any of you to be there, and potentially run it. Check out bsidesdelaware.com for dates, locations, and such. It's

Re: [Cryptography] PGP Key Signing parties

2013-10-12 Thread Stephen Farrell
If someone wants to try organise a pgp key signing party at the Vancouver IETF next month let me know and I can organise a room/time. That's tended not to happen since Ted and Jeff don't come along but we could re-start 'em if there's interest. S.

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Jeremy Stanley
On 2013-10-11 12:03:44 +0100 (+0100), Tony Naggs wrote: > Do key signing parties even happen much anymore? The last time I saw > one advertised was around PGP 2.6! [...] Within more active pockets of the global free software community (where OpenPGP signatures are used to authenticate release arti

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Joe Abley
On 2013-10-11, at 07:03, Tony Naggs wrote: > On 10 October 2013 22:31, John Gilmore wrote: >>> Does PGP have any particular support for key signing parties built in or is >>> this just something that has grown up as a practice of use? >> >> It's just a practice. I agree that building a small

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Tony Naggs
On 10 October 2013 22:31, John Gilmore wrote: >> Does PGP have any particular support for key signing parties built in or is >> this just something that has grown up as a practice of use? > > It's just a practice. I agree that building a small amount of automation > for key signing parties would

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Peter Gutmann
Glenn Willen writes: >I am going to be interested to hear what the rest of the list says about >this, because this definitely contradicts what has been presented to me as >'standard practice' for PGP use -- verifying identity using government issued >ID, and completely ignoring personal knowledge

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread ianG
On 11/10/13 02:24 AM, Glenn Willen wrote: John, On Oct 10, 2013, at 2:31 PM, John Gilmore wrote: ... Signing them would assert to any stranger that "I know that this key belongs to this identity", which would be false and would undermine the strength of the web of trust. Where is this writ

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Richard Outerbridge
On 2013-10-10 (283), at 19:24:19, Glenn Willen wrote: > John, > > On Oct 10, 2013, at 2:31 PM, John Gilmore wrote: >> >> An important user experience point is that we should be teaching GPG >> users to only sign the keys of people who they personally know. [] >> would be false and would u

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Phillip Hallam-Baker
Reply to various, Yes, the value in a given key signing is weak, in fact every link in the web of trust is terribly weak. However, if you notarize and publish the links in CT fashion then I can show that they actually become very strong. I might not have good evidence of John Gilmore's key at RSA

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Eugen Leitl
On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote: > I am going to be interested to hear what the rest of the list says about > this, because this definitely contradicts what has been presented to me as > 'standard practice' for PGP use -- verifying identity using government issued > ID

Re: [Cryptography] PGP Key Signing parties

2013-10-10 Thread Paul Hoffman
On Oct 10, 2013, at 2:31 PM, John Gilmore wrote: >> Does PGP have any particular support for key signing parties built in or is >> this just something that has grown up as a practice of use? > > It's just a practice. I agree that building a small amount of automation > for key signing parties w

Re: [Cryptography] PGP Key Signing parties

2013-10-10 Thread Glenn Willen
John, On Oct 10, 2013, at 2:31 PM, John Gilmore wrote: > > An important user experience point is that we should be teaching GPG > users to only sign the keys of people who they personally know. > Having a signature that says, "This person attended the RSA conference > in October 2013" is not part

Re: [Cryptography] PGP Key Signing parties

2013-10-10 Thread John Gilmore
> Does PGP have any particular support for key signing parties built in or is > this just something that has grown up as a practice of use? It's just a practice. I agree that building a small amount of automation for key signing parties would improve the web of trust. I have started on a prototy

[Cryptography] PGP Key Signing parties

2013-10-09 Thread Phillip Hallam-Baker
Does PGP have any particular support for key signing parties built in or is this just something that has grown up as a practice of use? I am looking at different options for building a PKI for securing personal communications and it seems to me that the Key Party model could be improved on if ther