:: Re: [Squatconf] Keysigning Party
Forside
Slet denne besked
Besvar denne besked
Skribent: Stephen Whitmore
Dato:  
Til: squatconf
Emne: Re: [Squatconf] Keysigning Party
Kate,

Well written! I'm interested in helping organized/run a key signing
party -- I think we can definitely find time around the conf to make
this happen.


On 04/26 12:13, Kate Dawson wrote:
> Hi,
>
> I am of the opinion that a keysigning, and building the Web of Trust is an
> important piece of Tech activism that allows people to cryptographically validate
> and authenticate communications endpoints, without having to resort to a
> central authority.
>
> This allows various projects and organisations to perform some level of
> validation of identity across geographically large distances. For
> example Debian.
>
> For me, It's really unlikely that I will ever travel to the USA, however
> by keysigning, getting my key into the Web of Trust, I am able to have
> secure communications with people in the USA, with some reasonable
> assurances that those communications have certain properties of
> confidentiality, integrity and authenticity.
>
> Now I know it's not fashionable to use OpenPGP, and all the cool kids
> are using Slack to chat and Github for ID, however I've never been one for
> fashion. This is a technology that works for me, and has done for a
> decade or more. Getting signatures on a key strengthens it's validity,
> increases the connectedness of the WoT, and build a fault tolerant
> decentralized mechanism to bootstrap the "key exchange problem"
>
> Now, I know, someone will then announce that the WoT is a datamining,
> network mapping, spy system, to gather the whereabouts of all crypto
> geeks on the planet. That maybe! At least it's not monetized like the
> other network mapping data mining systems we happily give our data to on
> a daily basis. Additionally there are technical solutions to these
> problems. It's possible to use a "Local" signing feature of GnuPG. These
> signatures are not able to be exported to keyservers, preventing the
> visibility of signing to a 3rd party.
>
> Additionally the point about "trust" raised below, is a common
> misconception. It's not "trust" as in "do I trust you to repay a loan of
> 5€ to me" - but do I trust that you are the holder of a piece of
> cryptographic keying material associated with a communications endpoint.
>
>
> For maximum efficiency, the keysigning will use a modified
> Zimmermann–Sassaman key-signing protocol:
>
> http://www.cryptnet.net/mirrors/docs/zimmermann-sassaman.txt
>
>
> Participants will enter their public key fingerprints into an online
> document
>
> For example, ( but we may decide to not use this particular pad on the
> day )
> https://pad.riseup.net/p/squatconf.eu-2016-keysigning
>
> After a certain time the document will be locked, and downloaded by
> participants.
> The sha256 of the document will be compared and checked
> amongst participants.
> They party facilitator will read out the fingerprints to the
> participants, who will confirm that they are correct.
>
> Participants will take their copy of the document and sign only those
> verified keys at a later date.
>
> In my experiences this has been a working and usable technique make
> signing work well. Yes its a bit of a chore, and no, it's not as fun as
> sitting and listening to someone explaining the latest cool programming
> framework, but it's a real practical activity that makes the world a better place.
>
>
> Regards,
>
> Kate
>
> On Tue, Apr 26, 2016 at 10:54:38AM +0200, Jérôme Loï wrote:
> > Hi there Kate,
> > yes cfp is closed, and schedule is actually quite packed yet.
> >
> > about key signing party, thanks for raising the question. from this moment i’ll talk on my behalf and not as an organiser.
> >
> > I believe that trust comes form human to human interaction in a longer scale than a 2 day event, hence key signing party does not allow me to build the trust i would require to endorse someone.
> >
> > I usually sign key of ppl i KNOW, not ppl i just met, so imo, this does not deserve “dedicated” time.
> >
> > Still now that the subject is on the table, I’m waiting for the discutions this mail will probably raise and stay open for argument that would switch my mind, or make most of the org to disagree with me.
> >
> > Regards
> > Jérome
> >
> >
> > > On 25 Apr 2016, at 23:58, Kate Dawson <k4t@???> wrote:
> > >
> > > I note that the CFP has closed.
> > > But there is not Keysigning party
> > >
> > > Is there opportunity to get such a thing still on the timetable ?
> > >
> > > Regards,
> > > Kate
> > > --
> > > "The introduction of a coordinate system to geometry is an act of violence"
> > > _______________________________________________
> > > Squatconf mailing list
> > > Squatconf@???
> > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
> >
> > _______________________________________________
> > Squatconf mailing list
> > Squatconf@???
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
>
> --
> "The introduction of a coordinate system to geometry is an act of violence"




> _______________________________________________
> Squatconf mailing list
> Squatconf@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf