DaB. wrote:
Hello all,
I think that when such a number of people come together it would be nice to have a key-signing in Berlin. If you have no idea what a key-signing is, look at the Wikipedia article [[en:Key_signing_party]].
Private keys can be compromised by anyone with a whim and a few thousand dollars, either physically by compromise of the device, or remotely by social engineering or zero-day exploit. Key signing parties are premised on the idea that private keys are really private. Since they aren't, the additional security of a real-life meeting is somewhat farcical.
Maybe in the crypto-anarchist fantasy future, filled with hostile corporations and governments, it would make sense. But in the real world, I think the SSL hierarchy provides a better model. It has a central authority with some competence in identity verification and security, which can issue a revocation certificate even if someone burns your house down. And you can verify the authenticity of a public key even if you don't have any friends.
My vote is for a Guitar Hero party instead.
-- Tim Starling