Re: [DNG] GNUPGP Web of trust
haven't been in any online key signing parties, only a handful of physical ones so far (makes more sense seeing/confirming/trusting in person...). but all that, pre-covid... to work around the pandemic somehow, i'd probably start with git.devuan.org. lots of authenticated devuan devs and users there, with some gpg keys already available.. jitsi meetings/online pads as public links, break the whole "trust" thing.. how do you confirm any visitor there? a few more links : - cryptoparty.in is a helpful resource in organizing : https://www.cryptoparty.in/organize/howto - signing-party package (https://salsa.debian.org/signing-party-team/signing-party) , contains tools to assist in OpenGPG signing parties 2c, d OpenPGP_signature Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] GNUPGP Web of trust
‐‐‐ Original Message ‐‐‐ On Saturday, February 27, 2021 1:23 AM, Gabe Stanton via Dng wrote: > I obviously haven't done enough reading lol. Thanks for the link. > > On Fri, 2021-02-26 at 22:06 +, Simon Hobson wrote: > > > Gabe Stanton via Dng dng@lists.dyne.org wrote: > > > > > Is it as simple as inviting anyone that wants to, to send their > > > public > > > key to this list? I'm not experienced in web of trust > > > common/accepted > > > practices but have been interested for some time. > > > > No, it's not that simple ! > > Try this for starters : https://en.wikipedia.org/wiki/Web_of_trust > > Simon No it certainly isn't simple, but that does not mean it is not doable. As this topic is not getting the response I hoped it would I am going to go out on a limb risking contamination of peoples imagination by being a lot more open with what I was thinking. Confirmation of email address by challenge response, pretty common nowadays for almost everything signed up for online. Meet'n'Greet over jitsi.org. Exchange of public keys using Dyne pad. Again I am seeking input from those with more knowledge about IT Security than myself, so I am setting the bar pretty low :) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] GNUPGP Web of trust
I obviously haven't done enough reading lol. Thanks for the link. On Fri, 2021-02-26 at 22:06 +, Simon Hobson wrote: > Gabe Stanton via Dng wrote: > > > Is it as simple as inviting anyone that wants to, to send their > > public > > key to this list? I'm not experienced in web of trust > > common/accepted > > practices but have been interested for some time. > > No, it's not that simple ! > > Try this for starters : https://en.wikipedia.org/wiki/Web_of_trust > > Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] GNUPGP Web of trust
Gabe Stanton via Dng wrote: > Is it as simple as inviting anyone that wants to, to send their public > key to this list? I'm not experienced in web of trust common/accepted > practices but have been interested for some time. No, it's not that simple ! Try this for starters : https://en.wikipedia.org/wiki/Web_of_trust Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] GNUPGP Web of trust
On Wed, 2021-02-24 at 15:23 +, g4sra via Dng wrote: > I don't like the way SSL Certs are managedso that only leaves > gpg. > > Recently had an issue with gpg which disturbed some grey cells and > disrupted their slumber. > > I don't get out much (lockdown understatement) so my current 'web of > trust' is zero and unlikely to expand anytime soon using the > conventional method of exchanging keys down the pub. I am also aware > that 'thinking' can be a dangerous pastime. > > Is there any mileage or interest in a Devuan web of trust where we > can exchange keys ? > > I would be interested to hear from the more security knowledgeable > members on the list as to whether this is even feasible. > > Knowing that something had been signed by the Devuan Community would > earn more trust from me than anything signed by Red Hat, IBM, > Google..ad infinitum. I think it's a great idea. I believe I've seen some users attach their public key as part of their email signature on this list. I've thought also about linking to a 'personal home page' that has my public key on it but I'm not to that point yet. Is it as simple as inviting anyone that wants to, to send their public key to this list? I'm not experienced in web of trust common/accepted practices but have been interested for some time. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] GNUPGP Web of trust
I don't like the way SSL Certs are managedso that only leaves gpg. Recently had an issue with gpg which disturbed some grey cells and disrupted their slumber. I don't get out much (lockdown understatement) so my current 'web of trust' is zero and unlikely to expand anytime soon using the conventional method of exchanging keys down the pub. I am also aware that 'thinking' can be a dangerous pastime. Is there any mileage or interest in a Devuan web of trust where we can exchange keys ? I would be interested to hear from the more security knowledgeable members on the list as to whether this is even feasible. Knowing that something had been signed by the Devuan Community would earn more trust from me than anything signed by Red Hat, IBM, Google..ad infinitum. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
