Surely, pgp signing in vain?

Don't know about you, but I value plausible deniability.

Lloyd Wood
http://sat-net.com/L.Wood/

________________________________________
From: ietf-bounces@xxxxxxxx [ietf-bounces@xxxxxxxx] On Behalf Of Randy Bush [randy@xxxxxxx]
Sent: 06 September 2013 01:45
To: IETF Disgust
Subject: pgp signing in van

so, it might be a good idea to hold a pgp signing party in van. but there are interesting issues in doing so.

we have done lots of parties so have the social protocols and n00b cheat sheets. but that is the trivial tip of the iceberg.

  o is pgp compromised? just because it is not listed in [0] is not very strong assurance in these dark days.

  o what are the hashes of audited software, and who did the audits?

  o what are the recommended algs/digest/keylen parameters?

  o do we really need elliptical, or is that a poison pill?

  o your questions go here ...

randy

---

[0] http://www.nytimes.com/interactive/2013/09/05/us/unlocking-private-communications.html