[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Looking For People To Sign My GPG Public Key

Hash: SHA1

Todd Zullinger wrote:
> Robert L Cochran wrote:
>> Is there anyone out there willing to sign my GPG public key?
> Without a face to face meeting and exchanging of the gpg key info
> (size, type, fingerprint, etc.) and some form of picture ID?  I would
> hope no one would be willing.  If there are, you don't want their
> signatures anyway. ;-)
>> It is on subkeys.pgp.net under this email address --
>> cochranb speakeasy net 
>> If you will sign my key, I will sign yours. That is what's in it for
>> you.
>> If you are interested, email me offlist and perhaps we can organize
>> a signing party where we start with one person and go round to the
>> last, turn by turn.
> Have you checked out biglumber.com?  That's a handy place to add your
> key and geographic location and find others nearby that are interested
> in meeting for exchanging signatures.  If it wasn't around a 2 hour
> drive to Greenbelt MD, I'd consider it. :)
> Searching biglumber, there are at least 28 individuals or groups in
> Maryland that are interested in exchanging signatures:
>     https://biglumber.com/x/web?ss=MD
> Another place to start is with local LUGs.  There are often folks
> there that use PGP and are willing to exchange signatures.
> HTH,
Thanks Todd. This really is useful to me. I'm waiting now for
biglumber.com to actually send me the promised login token based on my
GPG key, so I can make myself the 29th Maryland person interested in a
keysigning. I have a feeling their email server is in trouble. Or is
just so painfully slow that it needs hours.

I've also checked for people who might be interested in meeting me,
there are at least a few within driving distance for me.

I'll probably check to see if the Baltimore, Maryland LUG really will
have a keysigning party. The one advantage to driving all the way out
there for such a meeting is I might meet some new folks and make a
friend or two.

Since I also belong to the Thawte "Web of Trust" and have enough "Trust
Points" accumulated to authenticate other people, I'm well aware based
on numerous personal meetings with others (whom I asked to authenticate
me, and later on, people who asked me to authenticate them) that these
authentication type and/or keysigning meetings are basically meaningless
in terms of really knowing the person who is signing your key or
authenticating your application. It's like a puff of air. It's a
formality only. One that cost me a lot of gas and with no payment
forthcoming. One guy did take the time to talk to me at a Starbucks, but
I never met him or heard from him again. Such is business. With Thawte,
payment of a sufficient fee and the signature of just one banker or
lawyer can get you enough Trust Points to authenticate anyone. It
doesn't matter if the lawyer or banker recently served a jail term.

- From a keysigning perspective, really a face-to-face meeting has no more
value from an authentication or know-the-other-party perspective than
the act of walking past someone in a grocery store. It's not as if you
are going to do business with the person whose key you just signed until
the day you die.

Email is often a better and more efficient use of time and resources.


Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]