so, it might be a good idea to hold a pgp signing party in van. but
there are interesting issues in doing so. we have done lots of parties
so have the social protocols and n00b cheat sheets. but that is the
trivial tip of the iceberg.
o is pgp compromised? just because it is not listed in [0] is not
very strong assurance in these dark days.
o what are the hashes of audited software, and who did the audits?
o what are the recommended algs/digest/keylen parameters?
o do we really need eliptical, or is that a poison pill?
o your questions go here ...
randy
---
[0] http://www.nytimes.com/interactive/2013/09/05/us/unlocking-private-communications.html