Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Key Signing Event Of The Year

Posted by timothy on from the smoosh-your-keys-together dept.

Meyer Wolfsheim writes "The registration page for CodeCon includes a field for attendees PGP keys. Apparently, the organizers are planning a massive group keysigning using the Zimmermann-Sassaman method. This could be a great way to increase your Web of Trust ranking." (Here's a previous mention of this year's CodeCon.)

3 of 18 comments (clear)

  1. Key Signing Party on FOSDEM by root+66 · · Score: 3, Informative
    Next Sunday, there will be a key signing party at FOSDEM in Brussels, Belgium.

    Until Friday you have the opportunity to send your key to the organizer of the key signing event; to the event you have to bring your I.D. card or passport as well as a print of your key's fingerprint.

    --
    -- I love the smell of Blue Screens in the morning.
  2. Six degrees of "I don't know these people." by bsdbigot · · Score: 3, Informative

    Personally, I think that this kind of large-scale key signing is antithetical to the purpose of signed keys. A Web of Trust means nothing if I know or trust nobody in that web. I mean, lets be realistic - there is a limit as to how far we will let our trust go in personal relationships - everyone has a friend of a friend that's into some questionable shite; my keys are signed by two of my closest friends, my father, and a guy that I've worked closely with for going on 6 years. You see, just meeting someone doesn't mean that you can attest to their character. In this case, you don't even have to meet these potentially thousands of people - how can you honestly say that any one of them could be trustworthy and responsible enough to deserve your signature?

    On that note, I personally would be suspicious of anyone that had more than a dozen or so signings of his/her key.

    My philosophy (using the friend of a friend model) is you're probably safe if you're within four degrees (inclusive) - that is, if you're getting messages/content/whatever from an entity that is only four degrees from you by signature, I think you're probably guaranteed to be in a trustworthy transaction, assuming that everyone practices responsible signing. And, isn't that the whole purpose?

    Final word: Verisign is a different type of trust model - I don't purport to be addressing that model in my argument.

    --
    main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,- 1,-100};for(I=l=0;l<10+0;put
  3. Re:looking for big fish to cross sign with by Isomer · · Score: 3, Informative
    If you are interested in finding people to trade signatures with you might want to try http://www.biglumber.com They provide a list of people grouped by area who are interested in finding people to trade signatures. They also list 'events' where keysignings take place (eg: LUG meetings)

    Of course you often find you need to get people *outside* your area to sign your key to make it any use. So if you're thinking of travel, it's probably an excellent place to go look for someone to trade signatures when you're out of town.