fsuk-manchester
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fsuk-manchester] Keysigning (was: SFD09 – The final call for volun


From: Leslie I'Anson
Subject: Re: [Fsuk-manchester] Keysigning (was: SFD09 – The final call for volunteers)
Date: Fri, 18 Sep 2009 17:41:29 +0100

Despite the risk of some people finding this topic a little dry, I
strongly believe that a well organised workshop, or series of
workshops, where discussions like this can take place and people can
learn from those more experienced is a good idea.

I hope you all agree and will support such an event.

Thanks again,
Leslie

On 18/09/2009, Robert Burrell Donkin <address@hidden> wrote:
> On Fri, Sep 18, 2009 at 2:44 PM, Dave Page <address@hidden>
> wrote:
>> On Friday 18 September 2009 13:19:42 Robert Burrell Donkin wrote:
>>
>>> my new key is well connected to the Apache WOT through the old key
>>> one. i'll have my passport and cards with my key fingerprint on.
>>
>> See, signing keys using passports is IMHO a bad idea, which is why it's
>> worth
>> having a discussion about keysigning, what it involves and what you're
>> trying
>> to achieve with it.
>
> my primary use case is release security but public key cryptography is
> flexible and can be used for lots of different stuff
>
> please feel free to kick off the discussion :-)
>
>> I won't (indeed, can't) take part in a keysigning that
>> requires passports.
>
> i will have my passport and my fingerprint. if you don't want to see
> my passport, that's cool with me.
>
> the great thing about OpenPGP is that it's design allows hetrogeneous
> trust choices and multiple trust model
>
> my policy is that i don't create public signatures with my code
> signing key unless i have been able to confidently verify identity.
> this is not unusual for keys used to secure release infrastructure.
>
> other people have different policies. some people have different
> policies for different keys. that's all cool by me.
>
> the only downside of not bringing photo id to a keysigning is that
> some people may elect not to sign your key (or not to publish the
> signature)
>
> - robert
>
>
> _______________________________________________
> Fsuk-manchester mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/fsuk-manchester
>


-- 
http://www.fsf.org/ Support The Freedom!




reply via email to

[Prev in Thread] Current Thread [Next in Thread]