[GTALUG] Hello and GnuPG/PGP key signing parties

Stewart C. Russell scruss at gmail.com
Sun Mar 11 16:17:32 EDT 2018


On 2018-03-11 03:45 PM, Bob Jonkman via talk wrote:
> I do  recommend that the keymaster for a keysigning event generates a
> key specifically for that event.

We tried a formal keysigning party at GTALUG once. It was a lot of work
and I think we extended the Web of Trust by four people.

The WoT assumes that the underlying code and algorithms aren't broken,
which very few people are in a place to verify. They also require that
everyone in the WoT practises the very best key hygiene: people are
fallible; see last year's leak of the private key for Adobe's incident
response team.

cheers,
 Stewart


More information about the talk mailing list