Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
PGP key signing parties?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Off the Wall
View previous topic :: View next topic  
Author Message
jtr
n00b
n00b


Joined: 27 Nov 2002
Posts: 2

PostPosted: Fri Dec 06, 2002 11:03 am    Post subject: PGP key signing parties? Reply with quote

Do y'all go to these things?

I'm in the Boston area, and I'm planning to attend the BLU-UG keysigning party in mid-January.
Back to top
View user's profile Send private message
lx
Veteran
Veteran


Joined: 28 May 2002
Posts: 1012
Location: Netherlands

PostPosted: Fri Dec 06, 2002 5:18 pm    Post subject: Reply with quote

What do you sign? do you encrypt packages or what?
_________________
"Remember there's a big difference between kneeling down and bending over.", Frank Zappa
Back to top
View user's profile Send private message
klieber
Administrator
Administrator


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Fri Dec 06, 2002 5:38 pm    Post subject: Reply with quote

lx wrote:
What do you sign?

GnuPG is based on a web-of-trust model, which essentially a transitive trust model. If you trust person A and they trust person B, then it's safe for you to trust person B as well, even though you may not know them.

I've just grossly oversimplified the whole process -- you can tier different levels of trust and lots of other cool stuff, but that's the general idea.

So, keysigning parties are designed to allow people to meet face-to-face, check driver's licenses to verify identities, etc. Then, people exchange public key fingerprints (generally printed out on pieces of paper), go home and sign each others keys saying they now trust this person. (BTW, the concept of "trust" boils down to whether or not you believe John Doe is really John Doe)

For a much better explanation of the web of trust concept, as well as why keysigning parties exist, interested parties should read the "GNU Privacy Handbook"

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
lx
Veteran
Veteran


Joined: 28 May 2002
Posts: 1012
Location: Netherlands

PostPosted: Fri Dec 06, 2002 8:37 pm    Post subject: Reply with quote

Well I thought you have a public key and a private key, but well I guess that at these parties it's really about the person behind the key itself, wonder if there's a general agency which records if the person owning a public key is really the person who he claims to be. Well with palladium you don't need trust anymore, yeah right..........

Thkx for explaining,

Cya lX.
_________________
"Remember there's a big difference between kneeling down and bending over.", Frank Zappa
Back to top
View user's profile Send private message
klieber
Administrator
Administrator


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Fri Dec 06, 2002 8:49 pm    Post subject: Reply with quote

lx wrote:
wonder if there's a general agency which records if the person owning a public key is really the person who he claims to be.

Yes -- you can get a personal certificate from Verisign, Thawte, etc. They essentially sign your public key verifiying that you are who you say you are, then they provide lookup services so you can validate things as well. Slightly different concept than the web-of-trust model -- centralized vs. distributed.

There's also public keyservers like keyserver.net and pgp.mit.edu that allow you to store your key centrally for others to look up easily. This doesn't replace the web-of-trust, but it does make it easier for others to look up your public key.

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
lx
Veteran
Veteran


Joined: 28 May 2002
Posts: 1012
Location: Netherlands

PostPosted: Fri Dec 06, 2002 10:41 pm    Post subject: Reply with quote

Could somebody please hit me over the head with a frying pan, I freakin knew verisign did that........ although I didn't see it as a solution for common people (expensive etc).

Thkx anyway,

Cya lX.
_________________
"Remember there's a big difference between kneeling down and bending over.", Frank Zappa
Back to top
View user's profile Send private message
B_F_Skinner
n00b
n00b


Joined: 02 Oct 2002
Posts: 71
Location: Seattle, Washington

PostPosted: Sat Dec 07, 2002 8:54 am    Post subject: Reply with quote

Why would you bother signing when you can frag the night away?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Off the Wall All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum