APM: PGP/GPG/OpenPGP keysigning party

Taylor Carpenter taylor at codecafe.com
Tue Jan 22 13:15:37 PST 2008


Event: GPG Key signing party
Place: Mangia Pizza (Gracy Farms)
Time: 7pm-9pm (or later)

What to do?
	Send me your PGP/GPG public key or the ID (with the keyserver to use).
	Bring your key fingerprint
	Bring a photo ID
	Enjoy some good beer and pizza.


Why have a key signing party?

	To allow people who use (or wish to use) GPG/PGP to digitally sign
each other's keys.  This increases the web of trust.

What is the web of trust?
	
	"Web of trust" is a term used to describe the trust relationships  
between a group of keys. A key signature is a link, or strand if you  
will, in the web of trust. These links are called "Trust Paths". Trust  
paths can be bi-directional or only one way. The ideal web of trust is  
one in which everyone is connected bi-directionally to everyone else.  
In effect, everyone trusts that every key does in fact belong to its  
owner. The web of trust can be thought of as the sum of all the trust  
paths, or links, between all key holding parties.

	In simpler terms: the more people you have signing your key who
have verified in person that you match your key, the more useful your
key is in signing, encrypting, etc. When you sign with your key, people
can verify it's you based on the signatures attached, especially if
they have exchanged sigs with someone on your key chain.

	See the Wikipedia article http://en.wikipedia.org/wiki/Web_of_trust

Why should you encrypt?

	You wish privacy... maybe email... maybe something else.  One example
would be encrypting a shared file that is accessed by several
developers in a company and that has passwords and other data that
should not be left in plain text form.  Here is some info on why
various people use encryption:

	http://www.pgpi.org/doc/whypgp/en/
	http://www.goingware.com/encryption/
	http://www.usatoday.com/tech/columnist/andrewkantor/2004-03-19-kantor_x.htm

Why should you sign anything digitally?

	So that another party knows your email, software package, or document  
is really from you.  Signing RPMs is a good example.
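
The trust paths described under "What is the web of trust?" above, as an added example that is not part of the original post: it builds the signature graph from key listings, separates bi-directional links from one-way links, and finds a trust path between two keys. The sample text is constructed in the shape of `gpg --list-sigs --with-colons` output; every key ID and name in it is made up, and the function names are illustrative.

```python
from collections import deque

# Constructed sample shaped like `gpg --list-sigs --with-colons` output:
# field 1 is the record type, field 5 the key ID. All IDs are made up.
SAMPLE = """\
pub:-:2048:1:AAAA000000000001:1200000000:::-:::scESC:
sig:::1:AAAA000000000001:1200000000::::Alice:13x:
sig:::1:BBBB000000000002:1201000000::::Bob:10x:
sig:::1:CCCC000000000003:1201000000::::Carol:10x:
pub:-:2048:1:BBBB000000000002:1200000000:::-:::scESC:
sig:::1:BBBB000000000002:1200000000::::Bob:13x:
sig:::1:AAAA000000000001:1201000000::::Alice:10x:
pub:-:2048:1:CCCC000000000003:1200000000:::-:::scESC:
sig:::1:CCCC000000000003:1200000000::::Carol:13x:
pub:-:2048:1:DDDD000000000004:1200000000:::-:::scESC:
sig:::1:DDDD000000000004:1200000000::::Dave:13x:
sig:::1:BBBB000000000002:1201000000::::Bob:10x:
"""

def parse_sigs(text):
    """Return {signer: {keys it signed}}, ignoring self-signatures."""
    graph, current = {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
            graph.setdefault(current, set())
        elif f[0] == "sig" and current and f[4] != current:
            graph.setdefault(f[4], set()).add(current)
    return graph

def link_types(graph):
    """Split signature links into bi-directional pairs and one-way links."""
    both, one_way = set(), set()
    for signer, signed in graph.items():
        for key in signed:
            if signer in graph.get(key, ()):
                both.add(frozenset((signer, key)))
            else:
                one_way.add((signer, key))
    return both, one_way

def trust_path(graph, src, dst):
    """Shortest chain of signatures leading from src's key to dst's key."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None
```

In this sample Carol has signed Alice's key but nobody has signed Carol's, so a path exists from Carol to Dave but not from Dave back to Carol; exchanging signatures in person at the party is what turns such one-way links into bi-directional ones.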


