[Cryptography] Thoughts about keys

Jeremy Stanley fungi at yuggoth.org
Sat Aug 31 21:16:50 EDT 2013


On 2013-08-25 16:29:42 -0400 (-0400), Perry E. Metzger wrote:
[...]
> If I meet someone at a reception at a security conference, they might
> scrawl their email address ("alice at example.org") for me on a cocktail
> napkin.
> 
> I'd like to be able to then write to them, say to discuss their
> exciting new work on evading censorship of mass releases of stolen
> government documents using genetically engineered fungal spores to
> disseminate the information in the atmosphere worldwide.
> 
> However, in our new "everything is always encrypted" world, I'll be
> needing their encryption key, and no one can remember something as
> long as that.
> 
> So, how do I translate "alice at example.org" into a key?
> 
> Now, the PGP web-of-trust model, which I think is broken, would have
> said "check a key server, see if there's a reasonable trust path
> between you and Alice."
[...]

At free software conferences, where there is heavy community
penetration for OpenPGP already, it is common for many of us to
bring business cards (or even just slips of paper) with our name,
E-mail address and 160-bit key fingerprint. Useful not only for key
signing (when accompanied by photo identification), but also simply
allows someone to retrieve your key from a public keyserver and
confirm the fingerprint matches the one you handed them.
-- 
{ PGP( 48F9961143495829 ); FINGER( fungi at cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fungi at irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kinrui at katarsis.mudpy.org:6669 ); }
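
The check described in the message above, as an added example that is not part of the original post: it computes the 160-bit fingerprint of a fetched version 4 OpenPGP public key (binary, not ASCII-armored) and compares it with the fingerprint written on the card. The function names and the sample key bytes are constructed for illustration.

```python
import hashlib
import struct

def first_packet(data):
    """Return (tag, body) of the first packet in a binary OpenPGP key."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial lengths are not valid for key packets")
    else:  # old-format header: low two bits select a 1, 2 or 4 byte length
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(key):
    """160-bit fingerprint: SHA-1 over 0x99, 2-byte length, packet body."""
    tag, body = first_packet(key)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def matches_card(key, card):
    """Compare a fetched key with the fingerprint written on the card."""
    wanted = "".join(card.split()).upper()
    # Require all 160 bits; a short or long key ID is not accepted.
    return len(wanted) == 40 and v4_fingerprint(key) == wanted

# Constructed sample: packet-shaped bytes, not a usable key.
BODY = (b"\x04" + struct.pack(">I", 1377998210) + b"\x01"
        + b"\x00\x10\xc3\x5b" + b"\x00\x11\x01\x00\x01")
KEY_OLD = b"\x99" + struct.pack(">H", len(BODY)) + BODY  # old-format header
KEY_NEW = b"\xc6" + bytes([len(BODY)]) + BODY            # new-format header
```

The fingerprint covers only the packet body, so the same key yields the same value whichever header encoding the keyserver returns.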

