[GTALUG] Hello and GnuPG/PGP key signing parties
Stewart C. Russell
scruss at gmail.com
Sun Mar 11 16:17:32 EDT 2018
On 2018-03-11 03:45 PM, Bob Jonkman via talk wrote:
> I do recommend that the keymaster for a keysigning event generates a
> key specifically for that event.
We tried a formal keysigning party at GTALUG once. It was a lot of work
and I think we extended the Web of Trust by four people.
The WoT assumes that the underlying code and algorithms aren't broken,
which very few people are in a place to verify. They also require that
everyone in the WoT practises the very best key hygiene: people are
fallible; see last year's leak of the private key for Adobe's incident
response team.
cheers,
Stewart
More information about the talk
mailing list