[colug-432] PGP Signing Party: Why?:

Richard Troth rmt at casita.net
Tue Dec 21 16:49:30 EST 2010


Also, when you get someone else to sign your key, or when you collect a key
from someone that you intend to sign, you probably want to do that
face-to-face (and maybe check photo ID too).  Key signing parties allow for
personal interaction that is less vulnerable to a man-in-the-middle attack
than purely electronic means.

I make a point to NEVER sign a key that I did not receive from the owner in
person.  I also don't use a key (eg: for sending email) that does not have a
signature or known security attributes.

If double-key encryption is as strong as we think it is, these extra steps
are well worth the effort.

-- R;   <><





On Tue, Dec 21, 2010 at 10:56, <jep200404 at columbus.rr.com> wrote:

> "Steve VanSlyck" wrote:
>
> > Apologies for asking a really stupid question,
> > but why do I need anyone to sign my key[?]
>
> 無. Maybe you do not have such a need.
>
> Key signing is useful when you give somebody some bits
> (such as but not limited to email and files)
> and you need them to know that those bits came from you,
> that those bits were not from somebody else pretending to be you.
>
> Most people do not have such a need.
>
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20101221/0a75ed43/attachment.html 


More information about the colug-432 mailing list