Proposal for a Key Signing Party
cbbrowne-HInyCGIudOg at public.gmane.org
Thu Jul 15 04:00:29 UTC 2004
> On Mon, Jul 12, 2004 at 11:51:12PM -0400, Christopher Browne wrote:
> > I generally carry around a few such cards, which essentially read as
> > follows:
> > pub 1024D/6AA6A713 2002-03-14 Christopher B. Browne <cbbrowne-xzRQuAxiFLNWk0Htik3J/w at public.gmane.org
> > Key fingerprint = A525 A16B 8635 51A0 AE33 11D6 37B8 5950 6AA6 A713
> > uid Christopher B. Browne <cbbrowne-HInyCGIudOg at public.gmane.org>
> > sub 2048g/6F31906A 2002-03-14
> I'm very newbie in this matter...
> - what is this key-signing thing?
> - where will I use it? And, why?
> - how does it influence my bank account? (or the content of)
The notion of this is to build up something of a "web of trust"
In cryptography, a web of trust is a concept used in PGP, GnuPG, and
other OpenPGP-compatible systems to establish the authenticity of the
binding between a public key and a user. It is, in some respects, an
alternative to centralized PKI reliance exclusively on a certificate
authority (or a hierarchy of such). As with computer networks, there
are many independent webs of trust, and any user (through their
identity certificate) can be a part of and a link between multiple
In cryptography, a key signing party is an event at which people
present their PGP-compatible keys to others in person, who, if they
are confident the key actually belongs to the person who claims it,
digitally signs the PGP certificate containing that public key and the
person's name, etc. This is one way to strengthen the web of
trust. Although PGP keys are generally used with personal computers
for Internet-related applications, key signing parties themselves
generally don't involve computers, since that would give adversaries
increased opportunities for subterfuge. Rather, participants write
down a string of letters and numbers, called a fingerprint, which
represents their key. The fingerprint is created by a cryptographic
hash function, which condenses the public key down to a unique string,
which is shorter and more manageable. Participants exchange these
fingerprints as they verify each others' identification. Then, after
the party, they obtain the public keys corresponding to the
fingerprints they received and digitally sign them.
Will it influence your bank account? Probably not. But "user groups"
are generally about enthusiasts, as opposed to people that are purely
mercenary in their interests.
If this was helpful, <http://svcs.affero.net/rm.php?r=cbbrowne> rate me
"Let's face it -- ASCII text is a far richer medium than most of us
deserve." -- Scott McNealy
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy