:: Re: [Squatconf] Keysigning Party
Top Page
Delete this message
Reply to this message
Author: ksenya b
Date:  
To: squatconf
Subject: Re: [Squatconf] Keysigning Party
Thanks, Kate!
I'm sure whoever wants to get their keys signed would do so. I'll be
interested to hear more about about WoT in it's current state, specially
about potential vulnerabilities as it is something that a number of people
might be relying on for their safety.
I have a lot of questions concerning WoT and know very little about it. I'm
familiar with Keybase. The fact of verifying someone's identity this way
seems a bit counterintuitive, unless it is someone I know fairly well. I
could be working for FSB and trying to get someone else's identity signed.
Why would you sign it? Anyhow, I'm looking forward to learning more about
WoT.
I wouldn't worry about the fact that time slots are taken - if it is a
relevant topic, there will be people willing to discuss it any time in
between.

Best,

Ksenya


On 26 April 2016 at 19:40, Stephen Whitmore <stephen.whitmore@???>
wrote:

> Kate,
>
> Well written! I'm interested in helping organized/run a key signing
> party -- I think we can definitely find time around the conf to make
> this happen.
>
>
> On 04/26 12:13, Kate Dawson wrote:
> > Hi,
> >
> > I am of the opinion that a keysigning, and building the Web of Trust is
> an
> > important piece of Tech activism that allows people to cryptographically
> validate
> > and authenticate communications endpoints, without having to resort to a
> > central authority.
> >
> > This allows various projects and organisations to perform some level of
> > validation of identity across geographically large distances. For
> > example Debian.
> >
> > For me, It's really unlikely that I will ever travel to the USA, however
> > by keysigning, getting my key into the Web of Trust, I am able to have
> > secure communications with people in the USA, with some reasonable
> > assurances that those communications have certain properties of
> > confidentiality, integrity and authenticity.
> >
> > Now I know it's not fashionable to use OpenPGP, and all the cool kids
> > are using Slack to chat and Github for ID, however I've never been one
> for
> > fashion. This is a technology that works for me, and has done for a
> > decade or more. Getting signatures on a key strengthens it's validity,
> > increases the connectedness of the WoT, and build a fault tolerant
> > decentralized mechanism to bootstrap the "key exchange problem"
> >
> > Now, I know, someone will then announce that the WoT is a datamining,
> > network mapping, spy system, to gather the whereabouts of all crypto
> > geeks on the planet. That maybe! At least it's not monetized like the
> > other network mapping data mining systems we happily give our data to on
> > a daily basis. Additionally there are technical solutions to these
> > problems. It's possible to use a "Local" signing feature of GnuPG. These
> > signatures are not able to be exported to keyservers, preventing the
> > visibility of signing to a 3rd party.
> >
> > Additionally the point about "trust" raised below, is a common
> > misconception. It's not "trust" as in "do I trust you to repay a loan of
> > 5€ to me" - but do I trust that you are the holder of a piece of
> > cryptographic keying material associated with a communications endpoint.
> >
> >
> > For maximum efficiency, the keysigning will use a modified
> > Zimmermann–Sassaman key-signing protocol:
> >
> > http://www.cryptnet.net/mirrors/docs/zimmermann-sassaman.txt
> >
> >
> > Participants will enter their public key fingerprints into an online
> > document
> >
> > For example, ( but we may decide to not use this particular pad on the
> > day )
> > https://pad.riseup.net/p/squatconf.eu-2016-keysigning
> >
> > After a certain time the document will be locked, and downloaded by
> > participants.
> > The sha256 of the document will be compared and checked
> > amongst participants.
> > They party facilitator will read out the fingerprints to the
> > participants, who will confirm that they are correct.
> >
> > Participants will take their copy of the document and sign only those
> > verified keys at a later date.
> >
> > In my experiences this has been a working and usable technique make
> > signing work well. Yes its a bit of a chore, and no, it's not as fun as
> > sitting and listening to someone explaining the latest cool programming
> > framework, but it's a real practical activity that makes the world a
> better place.
> >
> >
> > Regards,
> >
> > Kate
> >
> > On Tue, Apr 26, 2016 at 10:54:38AM +0200, Jérôme Loï wrote:
> > > Hi there Kate,
> > > yes cfp is closed, and schedule is actually quite packed yet.
> > >
> > > about key signing party, thanks for raising the question. from this
> moment i’ll talk on my behalf and not as an organiser.
> > >
> > > I believe that trust comes form human to human interaction in a longer
> scale than a 2 day event, hence key signing party does not allow me to
> build the trust i would require to endorse someone.
> > >
> > > I usually sign key of ppl i KNOW, not ppl i just met, so imo, this
> does not deserve “dedicated” time.
> > >
> > > Still now that the subject is on the table, I’m waiting for the
> discutions this mail will probably raise and stay open for argument that
> would switch my mind, or make most of the org to disagree with me.
> > >
> > > Regards
> > > Jérome
> > >
> > >
> > > > On 25 Apr 2016, at 23:58, Kate Dawson <k4t@???> wrote:
> > > >
> > > > I note that the CFP has closed.
> > > > But there is not Keysigning party
> > > >
> > > > Is there opportunity to get such a thing still on the timetable ?
> > > >
> > > > Regards,
> > > > Kate
> > > > --
> > > > "The introduction of a coordinate system to geometry is an act of
> violence"
> > > > _______________________________________________
> > > > Squatconf mailing list
> > > > Squatconf@???
> > > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
> > >
> > > _______________________________________________
> > > Squatconf mailing list
> > > Squatconf@???
> > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
> >
> > --
> > "The introduction of a coordinate system to geometry is an act of
> violence"
>
>
>
> > _______________________________________________
> > Squatconf mailing list
> > Squatconf@???
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
>
> _______________________________________________
> Squatconf mailing list
> Squatconf@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/squatconf
>