Proposal for a Key Signing Party

Christopher Browne cbbrowne-HInyCGIudOg at public.gmane.org
Thu Jul 15 04:00:29 UTC 2004


> On Mon, Jul 12, 2004 at 11:51:12PM -0400, Christopher Browne wrote:
> > I generally carry around a few such cards, which essentially read as
> > follows:
> > 
> > pub  1024D/6AA6A713 2002-03-14 Christopher B. Browne <cbbrowne-xzRQuAxiFLNWk0Htik3J/w at public.gmane.org
>
> >      Key fingerprint = A525 A16B 8635 51A0 AE33  11D6 37B8 5950 6AA6 A713
> > uid                            Christopher B. Browne <cbbrowne-HInyCGIudOg at public.gmane.org>
> > sub  2048g/6F31906A 2002-03-14
> 
> I'm very newbie in this matter...
>     - what is this key-signing thing?  
>     - where will I use it?  And, why?
>     - how does it influence my bank account?  (or the content of)

The notion of this is to build up something of a "web of trust"

<http://en.wikipedia.org/wiki/Web_of_trust>

  In cryptography, a web of trust is a concept used in PGP, GnuPG, and
  other OpenPGP-compatible systems to establish the authenticity of the
  binding between a public key and a user. It is, in some respects, an
  alternative to centralized PKI reliance exclusively on a certificate
  authority (or a hierarchy of such). As with computer networks, there
  are many independent webs of trust, and any user (through their
  identity certificate) can be a part of and a link between multiple
  webs.

<http://en.wikipedia.org/wiki/Key_signing_party>

  In cryptography, a key signing party is an event at which people
  present their PGP-compatible keys to others in person, who, if they
  are confident the key actually belongs to the person who claims it,
  digitally signs the PGP certificate containing that public key and the
  person's name, etc. This is one way to strengthen the web of
  trust. Although PGP keys are generally used with personal computers
  for Internet-related applications, key signing parties themselves
  generally don't involve computers, since that would give adversaries
  increased opportunities for subterfuge. Rather, participants write
  down a string of letters and numbers, called a fingerprint, which
  represents their key. The fingerprint is created by a cryptographic
  hash function, which condenses the public key down to a unique string,
  which is shorter and more manageable. Participants exchange these
  fingerprints as they verify each others' identification. Then, after
  the party, they obtain the public keys corresponding to the
  fingerprints they received and digitally sign them.

Will it influence your bank account?  Probably not.  But "user groups"
are generally about enthusiasts, as opposed to people that are purely
mercenary in their interests.
--
If this was helpful, <http://svcs.affero.net/rm.php?r=cbbrowne> rate me
http://www3.sympatico.ca/cbbrowne/linux.html
"Let's face it  -- ASCII text is  a far richer medium  than most of us
deserve."  -- Scott McNealy
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list