[Cryptography] PGP Key Signing parties
Eugen Leitl
eugen at leitl.org
Fri Oct 11 07:24:44 EDT 2013
On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote:
> I am going to be interested to hear what the rest of the list says about
> this, because this definitely contradicts what has been presented to me as
> 'standard practice' for PGP use -- verifying identity using government issued
> ID, and completely ignoring personal knowledge.
This obviously ignores the threat model of official fake IDs.
This is not just academic for some users.
Plus, if you're e.g. linking up with known friends in RetroShare
(which implements identities via PGP keys, and degrees of
trust (none/marginal/full) by signatures, and allows you to
tune your co-operative variables (Anonymous routing/discovery/
forums/channels/use a direct source, if available) depending on
the degree of trust.
More information about the cryptography
mailing list