What can I expect at a Key Signing party?

Jean-David Beyer jdbeyer@exit109.com
Sun Oct 14 13:56:01 2001


You will be able to tell that I am a newbie as far as PGP and GnuPG are
concerned, though I have it running on my machine now (not with this
MUA, though).

If I want to get people to sign my public key, it seems that the best
way would be to go to a Key Signing party. What do I bring? What do I
get back?

It seems to me that I should need to prove who I am. A photo-ID, such as
a U.S. (in my case) passport should suffice for that, I guess. I suppose
I should also bring a floppy disk with my public key (armored, I guess)
on it.

At the end, do I come home with a floppy with my public key, signed by a
bunch of people whose photo-id I have checked to put back into my public
key ring, and after that, to export it to various key servers? Or is
that done at the party?

Is that it? It does open up questions.

How do people know that the e-mail address in the public key is really
mine? I could have put anything in there, is really me. Since my e-mail
address is jdbeyer@my.MTA.com it might be pretty likely that that is
really one of my e-mail addresses, but if my e-mail address were
something cutesie like sweetipie@my.MTA.com, there would be no reason to
believe it. Similarly if I put press@whitehouse.gov in there.

Do I have to verify the photo-id of everyone there, and verify that
their e-mail address is one that is really there? How do I do that with
cutesie e-mail addresses?

So how are these issues usually handled?

-- 
 .~.  Jean-David Beyer           Registered Linux User 85642.
 /V\                             Registered Machine    73926.
/( )\ Shrewsbury, New Jersey     http://counter.li.org 
^^-^^ 7:40am up 24 days, 14:35, 3 users, load average: 3.03, 3.07, 3.02