+1. Personal is better than commercial On Fri, Aug 15, 2025 at 13:14 Rick Troth < [email protected]> wrote:
> Thanks Matt! > > I found two keys for your Apache address and four for your personal > address, all on the Ubuntu key server. > Downloaded all six. Will upload after face-to-face. (Lots of the older > key servers have failed for a variety of reasons.) > > I'll point you at my downloadable keys (since the key servers are such a > train wreck lately) in separate email. > Most of mine are already under http://www.casita.net/ca/pgp/ > > all -- > > When you see a colleague in person, if you don't know them well then > share photo ID (passport, driving license, etc). > In all cases then exchange printed key fingerprints. Then when back at > your own keyboard, fetch the electronic copy and confirm the > fingerprints. Dun! > > > -- R; <>< > > > > On 8/15/25 10:58 AM, Matt Hogstrom wrote: > > I’ll be at SHARE … will need to find a printer though. I have PGP keys > > with an Apache ID ([email protected]) and my personal ( > [email protected]) > > FWIW > > > > > > > > On Thu, Aug 14, 2025 at 13:38 Rick Troth < > > [email protected]> wrote: > > > >> friends -- > >> > >> If any of you are #1 going to Cleveland next week and #2 have a PGP > >> public key that you're willing to share, please bring printed copies of > >> your key fingerprints. > >> This is a good thing to do in any case: have biz cards or other > >> immutable media with PGP verification info to share when you meet people > >> in person. > >> > >> I won't be attending the conference (more reasons than I can discuss), > >> but I live not too far away so hope to be in the area ... and I WILL > >> HAVE such fingerprinty papers on my person. > >> > >> This all comes to mind because the "mainframers web of trust" has popped > >> up on the radar again. > >> We held a traditional PGP key signing party at VM Workshop a couple > >> times, but that was pre-pandemic and we've all slept since then. > >> > >> The rationale for in-person fingerprint assurance is to promote the > >> individual trust model used by PGP (and GPG). > >> Contrast with the PKI trust model, which, while more widely implemented, > >> requires a third party and usually also requires formal compensation. > >> (The certificate issuers have real costs that must be covered.) > >> > >> > >> -- > >> -- R; <>< > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email [email protected] with the message: INFO IBM-MAIN > >> > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email [email protected] with the message: INFO IBM-MAIN > > -- > -- R; <>< > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
