On 09/30/15 19:17, David Niklas wrote: > Hello, > I create for myself a gpg key and want to get it signed, however I've > sent out half a dozen requests and so far I've gotten only negative > responses to the effect that I must know so-and-so and we must met in > person (considering that the person responds at all). > Now, I'm a student (think penny less), and live in a rural area 100mi > from the nearest LUG and people out here are _very_ computer illiterate > to the point where educated people think that turning a computer off > will damage it, or that the computer loses power (1GHz becomes .2GHZ), > as it grows older. So no one has a key, at all. And they would not want > to help create a web of trust even if I asked and explained it to them. > They just don't believe in security around here (Oh, that would never > happen to me! There are laws against that! You are a security freak.) > > I want to develop FOSS and feel obligated to get a key to protect uses > of the software I'm modifying from MITM attacks. > > Thanks, David > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Hi David,
I know that problem. But I did the following: I used "The Harvester" [1] and did a search on the domain of my university on public key servers and found out many people here, who use GPG. I just started e-mailing some of them and met them to cross sign the keys. So my suggestion is, look up the mail-addresses of a university when you are (for some reasons) in that city. Okay, this requires you to travel, but you can try that if you are in some other city for some reason. I am active member of a local association and there are some people using GPG, too. So to make it more comfortable to others, we created an extra key, stored it on a smart-card and use this key to sing our keys. This is uploaded on out website and people who trust out SSL-CA (cacert.org) could think of trusting this key in addition to it's own WoT. We also put up our finger-prints to the contact fields of our members (from those, who have GPG). Additionally, you could add your GPG-finger-print to every presentation you'll hold at university. This might also help. [1]: https://code.google.com/p/theharvester/ [2]: -- I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "singature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me. Christopher Beck, DL1CHB Gerhart-Hauptmann-Str. 1 91058 Erlangen Tel.: 09131 / 9245437 Fax.: 09131 / 8148708 Jabber: bec...@jabber.org
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
