PGP/GPG key signing party? - PGP

This is a discussion on PGP/GPG key signing party? - PGP ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PGP/GPG key signing party? Hey there, I was wondering if anyone has heard of any PGP/GPG key signing parties coming up. I am in Salt Lake City, Utah and would be interested in getting ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: PGP/GPG key signing party?

  1. PGP/GPG key signing party?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    PGP/GPG key signing party?


    Hey there,
    I was wondering if anyone has heard of any PGP/GPG key signing
    parties coming up. I am in Salt Lake City, Utah and would be
    interested in getting a few people together to sign keys for a
    web of trust. Drop me an email if you are interested.
    ~Michael Dansie


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (MingW32) - GPGshell v3.45
    Comment: PGP Public Key: http://tinyurl.com/7v5q5

    iD8DBQFDE29RG0IHzRkfvC4RAkisAKCqU6iOfzq/MMiAH16MZtkgQTdqlgCg1Ip9
    24+M6etjF29twxqrLK9dJl8=
    =FYzg
    -----END PGP SIGNATURE-----


  2. Re: PGP/GPG key signing party?

    On Mon, 29 Aug 2005 13:27:42 -0700, RunningUtes wrote:
    > Hey there,
    > I was wondering if anyone has heard of any PGP/GPG key signing
    > parties coming up. I am in Salt Lake City, Utah and would be
    > interested in getting a few people together to sign keys for a
    > web of trust. Drop me an email if you are interested.
    > ~Michael Dansie


    Big Lumber (http://biglumber.com/) seems to be a popular way of finding
    and/or setting up key signing parties. It worked well for me recently
    when I was on a trip across the US.

  3. Re: PGP/GPG key signing party?

    In article <1125347262.500405.273720@z14g2000cwz.googlegroups. com>,
    wrote:
    >I was wondering if anyone has heard of any PGP/GPG key signing
    >parties coming up.


    No, just like in the other two newsgroups (and counting) that you
    multi-posted this to.

    --
    Gregory Pratt gp@panix.com
    East Rutherford, NJ, USA http://www.panix.com/~gp/
    "The only good spammer is a dead spammer."
    PGP Key Fingerprint: DC60 FCDE 91E2 3D41 91A3 45DB B474 3D3A 3621 AAFE

  4. Re: PGP/GPG key signing party?

    RunningUtes@gmail.com wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > PGP/GPG key signing party?
    >
    >
    > Hey there,
    > I was wondering if anyone has heard of any PGP/GPG key signing
    > parties coming up. I am in Salt Lake City, Utah and would be
    > interested in getting a few people together to sign keys for a
    > web of trust. Drop me an email if you are interested.
    > ~Michael Dansie
    >
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.2 (MingW32) - GPGshell v3.45
    > Comment: PGP Public Key: http://tinyurl.com/7v5q5
    >
    > iD8DBQFDE29RG0IHzRkfvC4RAkisAKCqU6iOfzq/MMiAH16MZtkgQTdqlgCg1Ip9
    > 24+M6etjF29twxqrLK9dJl8=
    > =FYzg
    > -----END PGP SIGNATURE-----
    >

    Not sure I see the use of this ... a bunch of strangers get together to
    sign each others keys.... how does this create trust? E.g. "falsename"
    signs "mafia"'s key, which is also signed by "fraudster" and
    "scriptkiddie". It is only a "web of trust" if the signing is done by
    people who *trust* each other, not by random people at parties.
    If there is more to it than this, please explain.

  5. Re: PGP/GPG key signing party?



    none wrote:

    > RunningUtes@gmail.com wrote:
    > PGP/GPG key signing party?
    >
    >
    > Hey there,
    > I was wondering if anyone has heard of any PGP/GPG key signing
    > parties coming up. I am in Salt Lake City, Utah and would be
    > interested in getting a few people together to sign keys for a
    > web of trust. Drop me an email if you are interested.
    > ~Michael Dansie
    >
    >
    >>

    > Not sure I see the use of this ... a bunch of strangers get together to
    > sign each others keys.... how does this create trust? E.g. "falsename"
    > signs "mafia"'s key, which is also signed by "fraudster" and
    > "scriptkiddie". It is only a "web of trust" if the signing is done by
    > people who *trust* each other, not by random people at parties.
    > If there is more to it than this, please explain.


    You make a very good point, there should be more to it than that. There
    is no way you can satisfactorily identify someone by a passport or
    drivers licence alone, they could be fake. Some form of extra knowledge
    is desirable, best of all being that the person should have been known
    to you for some time. A discussion of projects in which you are both
    involved and about which few others would know might be a lesser but
    quite good "ID", for example.

    Whilst identification is rarely 100% certain, you can get close - but
    like you, I don't think a "party" with complete strangers is anywhere
    near enough, unless one of them can vouch for others and is personally
    known to you.

    Regards,

    Bob


    --
    Remove "x" from address to reply by email


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (MingW32)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFESJR0/yGczvugYoIRAj8UAJ954vFDyejRdRmhPyy/LIS9IupdjwCgmc4m
    G9nA8Raw+RyNgJBMi/DTV+E=
    =pJ2b
    -----END PGP SIGNATURE-----


  6. Re: PGP/GPG key signing party?

    Bob Henson wrote:
    >
    > none wrote:
    >
    >> RunningUtes@gmail.com wrote:
    >> PGP/GPG key signing party?
    >>
    >>
    >> Hey there,
    >> I was wondering if anyone has heard of any PGP/GPG key signing
    >> parties coming up. I am in Salt Lake City, Utah and would be
    >> interested in getting a few people together to sign keys for a
    >> web of trust. Drop me an email if you are interested.
    >> ~Michael Dansie
    >>
    >>
    >> Not sure I see the use of this ... a bunch of strangers get together to
    >> sign each others keys.... how does this create trust? E.g. "falsename"
    >> signs "mafia"'s key, which is also signed by "fraudster" and
    >> "scriptkiddie". It is only a "web of trust" if the signing is done by
    >> people who *trust* each other, not by random people at parties.
    >> If there is more to it than this, please explain.

    >
    > You make a very good point, there should be more to it than that. There
    > is no way you can satisfactorily identify someone by a passport or
    > drivers licence alone, they could be fake. Some form of extra knowledge
    > is desirable, best of all being that the person should have been known
    > to you for some time. A discussion of projects in which you are both
    > involved and about which few others would know might be a lesser but
    > quite good "ID", for example.
    >
    > Whilst identification is rarely 100% certain, you can get close - but
    > like you, I don't think a "party" with complete strangers is anywhere
    > near enough, unless one of them can vouch for others and is personally
    > known to you.


    The concept of a key-signing party requires that the participants accept
    the amount of identification required of each other. If I were to
    participate, I would expect at least two forms of ID. One would have to
    be a picture ID (e.g., passport, driver's license). The other ID would
    have to have the same name as the first ID and also indicate that the
    person holding it has been recognized by someone else (e.g., a utility
    bill, bank statement). I would want to be able to handle these IDs.

    A lot of fiction has been written (based somewhat on reality) about
    people who supposedly know each other for years but where one of them is
    really living as a faked identity. This fiction (and the non-fiction
    behind it) even involves married couples where one spouse is not who he
    or she asserts.

    Thus, there are limits to our ability to confirm identity short of the
    investigation done by the government when issuing a security clearance.
    Even then, such investigations have sometimes proven inadequate.
    Individuals with security clearances are sometimes found to commit
    violations and are prosecuted and jailed.

    --

    David E. Ross


    Concerned about someone (e.g., Pres. Bush) snooping
    into your E-mail? Use PGP.
    See my

+ Reply to Thread