Gentoo Archives: gentoo-dev

From: Patrick Kursawe <phosphan@g.o>
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] Keysigning at LWE
Date: Wed, 30 Jul 2003 20:22:26
In Reply to: Re: [gentoo-dev] Keysigning at LWE by Sven Vermeulen
1 On Wed, Jul 30, 2003 at 08:59:12PM +0200, Sven Vermeulen wrote:
3 > Another way of keysigning is to have a dedicated time to do so.
4 >
5 > First, all ppl mail their pubkey and fingerprint to a general person who puts
6 > them online before the meeting.
7 >
8 > On the meeting (at the dedicated time) all ppl are named and show their
9 > fingerprint to the rest of the room (through a whiteboard or a projection).
11 Yes. That's the way keysigning is usually organized, and it makes sense.
12 I think "trust the guys at the booth and sign what they told you to sign"
13 is just quite exactly _not_ what the web of trust is meant to be.
14 Signing should allow you to see, not just to guess who actually verified
15 which ID.
17 Signing a key means verifying identity. Who trusts who is a different
18 kind of matter, and it's not just for fun GPG provides trust values
19 for keys. So I would recommend doing it the way Sven proposed -
20 or let the guys at the booth sign keys of visitors and vice versa.
22 Bye, Patrick