:: Re: [Squatconf] Keysigning Party
Author: Kate Dawson
Date:  
To: squatconf
Subject: Re: [Squatconf] Keysigning Party
Hi,

I am of the opinion that a keysigning, and building the Web of Trust is an
important piece of Tech activism that allows people to cryptographically validate
and authenticate communications endpoints, without having to resort to a
central authority.

This allows various projects and organisations to perform some level of
validation of identity across geographically large distances. For
example Debian.

For me, it's really unlikely that I will ever travel to the USA, however
by keysigning, getting my key into the Web of Trust, I am able to have
secure communications with people in the USA, with some reasonable
assurances that those communications have certain properties of
confidentiality, integrity and authenticity.

Now I know it's not fashionable to use OpenPGP, and all the cool kids
are using Slack to chat and Github for ID, however I've never been one for
fashion. This is a technology that works for me, and has done for a
decade or more. Getting signatures on a key strengthens its validity,
increases the connectedness of the WoT, and builds a fault tolerant
decentralized mechanism to bootstrap the "key exchange problem".

Now, I know, someone will then announce that the WoT is a datamining,
network mapping, spy system, to gather the whereabouts of all crypto
geeks on the planet. That may be! At least it's not monetized like the
other network mapping data mining systems we happily give our data to on
a daily basis. Additionally there are technical solutions to these
problems. It's possible to use a "Local" signing feature of GnuPG. These
signatures are not able to be exported to keyservers, preventing the
visibility of signing to a 3rd party.

Additionally the point about "trust" raised below, is a common
misconception. It's not "trust" as in "do I trust you to repay a loan of
5€ to me" - but do I trust that you are the holder of a piece of
cryptographic keying material associated with a communications endpoint.


For maximum efficiency, the keysigning will use a modified
Zimmermann–Sassaman key-signing protocol:

http://www.cryptnet.net/mirrors/docs/zimmermann-sassaman.txt


Participants will enter their public key fingerprints into an online
document.

For example (but we may decide to not use this particular pad on the
day):
https://pad.riseup.net/p/squatconf.eu-2016-keysigning

After a certain time the document will be locked, and downloaded by
participants.
The sha256 of the document will be compared and checked
amongst participants.
The party facilitator will read out the fingerprints to the
participants, who will confirm that they are correct.

Participants will take their copy of the document and sign only those
verified keys at a later date.

In my experience this has been a working and usable technique to make
signing work well. Yes, it's a bit of a chore, and no, it's not as fun as
sitting and listening to someone explaining the latest cool programming
framework, but it's a real practical activity that makes the world a better place.


Regards,

Kate

On Tue, Apr 26, 2016 at 10:54:38AM +0200, Jérôme Loï wrote:
> Hi there Kate,
> yes cfp is closed, and schedule is actually quite packed yet.
>
> about key signing party, thanks for raising the question. from this moment i’ll talk on my behalf and not as an organiser.
>
> I believe that trust comes from human to human interaction in a longer scale than a 2 day event, hence key signing party does not allow me to build the trust i would require to endorse someone.
>
> I usually sign key of ppl i KNOW, not ppl i just met, so imo, this does not deserve “dedicated” time.
>
> Still now that the subject is on the table, I’m waiting for the discussions this mail will probably raise and stay open for argument that would switch my mind, or make most of the org to disagree with me.
>
> Regards
> Jérome
>
>
> > On 25 Apr 2016, at 23:58, Kate Dawson <k4t@???> wrote:
> >
> > I note that the CFP has closed.
> > But there is no Keysigning party
> >
> > Is there opportunity to get such a thing still on the timetable ?
> >
> > Regards,
> > Kate
> > --
> > "The introduction of a coordinate system to geometry is an act of violence"
> > _______________________________________________
> > Squatconf mailing list
> > Squatconf@???
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf


--
"The introduction of a coordinate system to geometry is an act of violence"
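
The offline check that follows the party in the procedure above (compare the SHA-256 of the locked list, then sign only keys whose full fingerprint is on it), as an added example that is not part of the original message. The list layout (name, then a 40-digit fingerprint at end of line), the sample fingerprints and the function names are assumptions; the second fetched key is constructed to differ from the one on the list.

```python
import hashlib
import re

# Constructed sample of the locked party document (assumed layout).
PARTY_DOC = b"""# squatconf keysigning list (constructed sample)
Alice Example  0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
Bob Example    FEDCBA9876543210FEDCBA9876543210FEDCBA98
"""

# Constructed sample of `gpg --with-colons --fingerprint` output for keys fetched later.
GPG_COLONS = """pub:-:4096:1:89ABCDEF01234567:1461000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1461000000::::Alice Example <alice@example.org>:
sub:-:4096:1:1111111111111111:1461000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:4096:1:76543210FEDCBA99:1461000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA99:
uid:-::::1461000000::::Bob Example <bob@example.org>:
"""

FPR_AT_EOL = re.compile(r"(?:^|\s)((?:[0-9A-Fa-f]{4}[ \t]*){10})$")

def doc_digest(doc: bytes) -> str:
    """SHA-256 of the exact bytes; every participant must read out the same value."""
    return hashlib.sha256(doc).hexdigest()

def verified_fingerprints(doc: bytes) -> set:
    """Fingerprints from the list, normalised to 40 upper-case hex digits."""
    found = set()
    for line in doc.decode("utf-8").splitlines():
        m = None if line.startswith("#") else FPR_AT_EOL.search(line.rstrip())
        if m:
            found.add(re.sub(r"\s", "", m.group(1)).upper())
    return found

def primary_fingerprints(colons: str) -> list:
    """Primary-key fingerprints only: the fpr record directly following a pub record."""
    fprs, last = [], None
    for rec in colons.splitlines():
        f = rec.split(":")
        if f[0] == "fpr" and last == "pub":
            fprs.append(f[9].upper())
        last = f[0]
    return fprs

def signing_plan(doc: bytes, colons: str):
    """Split fetched keys into (sign, refuse) by full-fingerprint match only."""
    ok, keys = verified_fingerprints(doc), primary_fingerprints(colons)
    return sorted(k for k in keys if k in ok), sorted(k for k in keys if k not in ok)
```

Keys in the first list can then be signed with `gpg --sign-key`, or with `gpg --lsign-key` for the non-exportable local signature the message mentions; a key in the second list was never read out at the party and stays unsigned.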