1 |
On Wed, Jul 30, 2003 at 08:59:12PM +0200, Sven Vermeulen wrote: |
2 |
|
3 |
> Another way of keysigning is to have a dedicated time to do so. |
4 |
> |
5 |
> First, all ppl mail their pubkey and fingerprint to a general person who puts |
6 |
> them online before the meeting. |
7 |
> |
8 |
> On the meeting (at the dedicated time) all ppl are named and show their |
9 |
> fingerprint to the rest of the room (through a whiteboard or a projection). |
10 |
|
11 |
Yes. That's the way keysigning is usually organized, and it makes sense. |
12 |
I think "trust the guys at the booth and sign what they told you to sign" |
13 |
is just quite exactly _not_ what the web of trust is meant to be. |
14 |
Signing should allow you to see, not just to guess who actually verified |
15 |
which ID. |
16 |
|
17 |
Signing a key means verifying identity. Who trusts who is a different |
18 |
kind of matter, and it's not just for fun GPG provides trust values |
19 |
for keys. So I would recommend doing it the way Sven proposed - |
20 |
or let the guys at the booth sign keys of visitors and vice versa. |
21 |
|
22 |
Bye, Patrick |