| 1 |
On Wed, Jul 30, 2003 at 08:59:12PM +0200, Sven Vermeulen wrote: |
| 2 |
|
| 3 |
> Another way of keysigning is to have a dedicated time to do so. |
| 4 |
> |
| 5 |
> First, all ppl mail their pubkey and fingerprint to a general person who puts |
| 6 |
> them online before the meeting. |
| 7 |
> |
| 8 |
> On the meeting (at the dedicated time) all ppl are named and show their |
| 9 |
> fingerprint to the rest of the room (through a whiteboard or a projection). |
| 10 |
|
| 11 |
Yes. That's the way keysigning is usually organized, and it makes sense. |
| 12 |
I think "trust the guys at the booth and sign what they told you to sign" |
| 13 |
is just quite exactly _not_ what the web of trust is meant to be. |
| 14 |
Signing should allow you to see, not just to guess who actually verified |
| 15 |
which ID. |
| 16 |
|
| 17 |
Signing a key means verifying identity. Who trusts who is a different |
| 18 |
kind of matter, and it's not just for fun GPG provides trust values |
| 19 |
for keys. So I would recommend doing it the way Sven proposed - |
| 20 |
or let the guys at the booth sign keys of visitors and vice versa. |
| 21 |
|
| 22 |
Bye, Patrick |
Archives