[colug-432] PGP Signing Party: Why?:
rmt at casita.net
Tue Dec 21 16:49:30 EST 2010
Also, when you get someone else to sign your key, or when you collect a key
from someone that you intend to sign, you probably want to do that
face-to-face (and maybe check photo ID too). Key signing parties allow for
personal interaction that is less vulnerable to a man-in-the-middle attack
than purely electronic means.
I make a point to NEVER sign a key that I did not receive from the owner in
person. I also don't use a key (eg: for sending email) that does not have a
signature or known security attributes.
If double-key encryption is as strong as we think it is, these extra steps
are well worth the effort.
-- R; <><
On Tue, Dec 21, 2010 at 10:56, <jep200404 at columbus.rr.com> wrote:
> "Steve VanSlyck" wrote:
> > Apologies for asking a really stupid question,
> > but why do I need anyone to sign my key[?]
> 無. Maybe you do not have such a need.
> Key signing is useful when you give somebody some bits
> (such as but not limited to email and files)
> and you need them to know that those bits came from you,
> that those bits were not from somebody else pretending to be you.
> Most people do not have such a need.
> colug-432 mailing list
> colug-432 at colug.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the colug-432