APM: PGP/GPG/OpenPGP keysigning party
Taylor Carpenter
taylor at codecafe.com
Tue Jan 22 13:15:37 PST 2008
Event: GPG Key signing party
Place: Mangia Pizza (Gracy Farms)
Time: 7pm-9pm (or later)
What to do?
Send me your pgp/gpg public key or the id (with the keyserver to use).
Bring your key finger print
Bring a photo ID
Enjoy some good beer and pizza.
Why have a key signing party?
To allow people who use (or wish to use) GPG/PGP to digitally sign
each others keys. This increases the web of trust.
What is the web of trust?
"Web of trust" is a term used to describe the trust relationships
between a group of keys. A key signature is a link, or strand if you
will, in the web of trust. These links are called "Trust Paths". Trust
paths can be bi-directional or only one way. The ideal web of trust is
one in which everyone is connected bi-directionally to everyone else.
In effect, everyone trusts that every key does in fact belong to its
owner. The web of trust can be thought of as the sum of all the trust
paths, or links, between all key holding parties.
In simpler terms: The more people you have signing your key.. that
have verified in person who you are matching your key.. The more
useful your key is in signing, encrypting, etc... When you sign with
your key people can verify its you based on the signatures attached...
especially if they have exhanged sigs with someone on your key chain
See the wikipedia article http://en.wikipedia.org/wiki/Web_of_trust
Why should you encrypt?
You wish privacy... maybe email... maybe something else. One example
would be encrypting a shared file that is accessed by several
developers in a company that has passwords and other data that should
not be left in a plain text form. Here is some info on why various
people use encryption
http://www.pgpi.org/doc/whypgp/en/
http://www.goingware.com/encryption/
http://www.usatoday.com/tech/columnist/andrewkantor/2004-03-19-kantor_x.htm
Why should you sign anything digitally?
So that another party knows your email, software package, or document
is really from you. Signing RPMs is a good example.
More information about the Austin
mailing list