On Mon, Oct 8, 2012 at 7:46 PM, Marvin Humphrey <mar...@rectangular.com>wrote:
> On Mon, Oct 8, 2012 at 8:51 AM, Branko Čibej <br...@apache.org> wrote: > > > It says clearly, "as long as you can guarantee that you are > > communicating with the key's true owner." Which was exactly my point. > > I assert a "virtual key-signing party" protocol incorportating Google Plus > Hangouts could offer comparable assurances to a face-to-face key signing > party. I speculate that such a protocol would utilize the "Hangouts On > Air"[1] feature which archives the hangout video directly to YouTube, along > with possibly mailing list interaction and commits to ASF version control > to > achieve a layered approach a la multi-factor authentication. Arguably, > having > archived video would make the virtual protocol _stronger_ than > face-to-face. > > Whether such an initiative would be worth the effort is a different > question, > but video conferencing should not be dismissed out-of-hand as a tool for > helping to associate a key with the key's true owner. > > [1] http://www.google.com/+/learnmore/hangouts/onair.html > > I think that Branko may have been thinking text messages when the word skype came up. Video conferencing is at least as good as voice and, as you say, with archiving can be pretty powerful. To my mind, though, there is definitely something nice about having somebody's passport in your hand and pretending you know what to look for to spot a fake.
