[Foundation-l] PGP-keysign at the tech/chapter-meeting
Simetrical+wikilist at gmail.com
Wed Apr 1 13:48:15 UTC 2009
On Wed, Apr 1, 2009 at 8:51 AM, Tim Starling <tstarling at wikimedia.org> wrote:
> Private keys can be compromised by anyone with a whim and a few
> thousand dollars, either physically by compromise of the device, or
> remotely by social engineering or zero-day exploit. Key signing
> parties are premised on the idea that private keys are really private.
> Since they aren't, the additional security of a real-life meeting is
> somewhat farcical.
Moreover, what's to stop someone from showing up and claiming to be
you? How are you going to confirm that -- by their telling you
they're coming and what they look like, over the Internet? Why don't
they just sign your keys over the Internet and skip the middle-man?
Not to be negative or anything, sorry. (I'm not even going to be there.)
More information about the foundation-l