On Fri, Sep 6, 2013 at 6:42 PM, Joe Touch <touch@xxxxxxx> wrote:
And whose key would you sign? Anyone who showed up with a form of ID?
On 9/6/2013 10:17 AM, Michael Richardson wrote:
I will be happy to participate in a pgp signing party.
Organized or not.
I suggest that an appropriate venue is during the last 15 minutes of the
newcomer welcome and the first 15 minutes of the welcome reception.
Because:
1) the WG-chairs and IESG will all be there, and a web of trust
still needs some significant good connectivity, and we already
know each other rather well, without needing "ID"
(I am not interested myself in verifying anyone's NSA^WGovernment
identity. I don't trust that Certification Authority...)
2) getting newbies on-board, meeting them well enough to sign
their key seems like a good thing.
I've noted elsewhere that the current typical key-signing party methods are very weak. You should sign only the keys of those who you know well enough to claim you can attest to their identity.
If that's the case, how will this get newbies on-board except to invite them to have keys whose signatures aren't relevant, and to devalue the trust in WG-chairs and IESG members?
Joe
I can write a key ceremony spec. I have done that before.
Almost everyone arriving in Vancouver will have a passport in any case. The protocol will probably be something like provide your key etc data in advance, print something out and present that plus your ID document in the ceremony.