On Fri, Sep 6, 2013 at 6:42 PM, Joe Touch <to...@isi.edu> wrote:

>
>
> On 9/6/2013 10:17 AM, Michael Richardson wrote:
>
>>
>> I will be happy to participate in a pgp signing party.
>> Organized or not.
>>
>> I suggest that an appropriate venue is during the last 15 minutes of the
>> newcomer welcome and the first 15 minutes of the welcome reception.
>>
>> Because:
>>    1) the WG-chairs and IESG will all be there, and a web of trust
>>       still needs some significant good connectivity, and we already
>>       know each other rather well, without needing "ID"
>>       (I am not interested myself in verifying anyone's NSA^WGovernment
>>       identity. I don't trust that Certification Authority...)
>>
>>    2) getting newbies on-board, meeting them well enough to sign
>>       their key seems like a good thing.
>>
>
> And whose key would you sign? Anyone who showed up with a form of ID?
>
> I've noted elsewhere that the current typical key-signing party methods
> are very weak. You should sign only the keys of those who you know well
> enough to claim you can attest to their identity.
>
> If that's the case, how will this get newbies on-board except to invite
> them to have keys whose signatures aren't relevant, and to devalue the
> trust in WG-chairs and IESG members?
>
> Joe
>

I can write a key ceremony spec. I have done that before.

Almost everyone arriving in Vancouver will have a passport in any case. The
protocol will probably be something like provide your key etc data in
advance, print something out and present that plus your ID document in the
ceremony.


-- 
Website: http://hallambaker.com/

Reply via email to