fsuk-manchester

Re: [Fsuk-manchester] Keysigning (was: SFD09 – The final call for volun


From: Robert Burrell Donkin
Subject: Re: [Fsuk-manchester] Keysigning (was: SFD09 – The final call for volunteers)
Date: Fri, 18 Sep 2009 15:47:58 +0100

On Fri, Sep 18, 2009 at 2:44 PM, Dave Page <address@hidden> wrote:
> On Friday 18 September 2009 13:19:42 Robert Burrell Donkin wrote:
>
>> my new key is well connected to the Apache WOT through the old key
>> one. i'll have my passport and cards with my key fingerprint on.
>
> See, signing keys using passports is IMHO a bad idea, which is why it's worth
> having a discussion about keysigning, what it involves and what you're trying
> to achieve with it.

my primary use case is release security but public key cryptography is
flexible and can be used for lots of different stuff

please feel free to kick off the discussion :-)

> I won't (indeed, can't) take part in a keysigning that
> requires passports.

i will have my passport and my fingerprint. if you don't want to see
my passport, that's cool with me.

the great thing about OpenPGP is that its design allows heterogeneous
trust choices and multiple trust models

my policy is that i don't create public signatures with my code
signing key unless i have been able to confidently verify identity.
this is not unusual for keys used to secure release infrastructure.

other people have different policies. some people have different
policies for different keys. that's all cool by me.

the only downside of not bringing photo id to a keysigning is that
some people may elect not to sign your key (or not to publish the
signature)

- robert



