[Foundation-l] PGP-keysign at the tech/chapter-meeting
Tim Starling
tstarling at wikimedia.org
Wed Apr 1 12:51:01 UTC 2009
DaB. wrote:
> Hello all,
>
> I think that when such a number of people come together it would be nice to
> have a key-signing in Berlin. If you have no idea, what a key-signing is, look
> at the wikipedia-article [[en:Key_signing_party]].

Private keys can be compromised by anyone with a whim and a few
thousand dollars, either physically by compromise of the device, or
remotely by social engineering or zero-day exploit. Key signing
parties are premised on the idea that private keys are really private.
Since they aren't, the additional security of a real-life meeting is
somewhat farcical.

Maybe in the crypto-anarchist fantasy future, filled with hostile
corporations and governments, it would make sense. But in the real
world, I think the SSL hierarchy provides a better model. It has a
central authority with some competence in identity verification and
security, which can issue a revocation certificate even if someone
burns your house down. And you can verify the authenticity of a public
key even if you don't have any friends.

My vote is for a Guitar Hero party instead.

-- Tim Starling