laying groundwork for an eventual migration away from SHA1 with gpg

Robert J. Hansen rjh at sixdemonbag.org
Thu May 21 15:09:29 CEST 2009


Nicholas Cole wrote:
> I've never quite understood "Key Signing Parties" for this reason.

The reason is at least half social.  It's a good excuse to get out of
the house and meet other people who have a shared interest.

For the most part, people at keysigning parties do not follow very good
document protocol -- if someone presented me with, say, an Arkansas
driver's license, I've never seen an Arkansas driver's license before,
so how could I know what one looks like or what security features to
look for?

Passports are far better and easier to check -- if I want to know what
to look for to make sure a passport is real, I just visit the website of
the issuing government.





More information about the Gnupg-devel mailing list