[Cryptography] PGP Key Signing parties

Tony Naggs tonynaggs at gmail.com
Thu Oct 17 04:52:14 EDT 2013


On 16 October 2013 21:29, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> The point I was trying to make when I started the thread was not so much to
> ask whether they took place as to whether they could be improved and made
> more useful if they were recognized as distinct events with a specific set
> of endorsement attributes.

My fault, sorry. Though I think it was illuminating to uncover that key signing
seems more common within certain types of communities. For PGP key
signing I still think ownership of the email address/contact details
being signed
is sufficient criteria, but if a key maybe used to say sign legal contracts then
ID requirements are higher. Maybe these levels of knowledge can be captured
at signing.

> In particular, I was thinking of key ceremony as being potentially a means
> of spreading the use of strong crypto beyond ultra-techy communities. To
> doctors, lawyers etc.

Spreading the use of strong crypto is good. :-)

> Such groups would probably require (and pay for) the services of a compere
> to run the process. If it was appropriately designed it can become part of
> the social mingling.

My experience of PGP in a corporate setting is that keys are signed by
the company's keyserver & that additional keys to encrypt to are added.

I would be more inclined to share my (PGP) key and sign others if it was
simple to do, such as touching 2 NFC enabled mobile phones together.

Tony


More information about the cryptography mailing list