[colug-432] Keybase.io observations
Rick Troth
rmt at casita.net
Mon Apr 7 11:31:28 EDT 2014
friends --
I'm pretty geeked about Keybase.io and excited to see more of us on it.
Expanding the global web-of-trust helps everyone.
Have been wanting to see more PGP/GPG action at regular COLUG meetings.
Am thinking we should at least mention "opportunistic countersigning" at
most meetings. That is, if anyone present is in need of signatures or is
willing to sign, make a point to do so after the meeting or during a
break. (Quick face-to-face without the drawn out formality of a key
signing party. Works well for two or three at a time.)
Keybase.io offers alternative assurance methods. If you can prove that
you own various internet resources, there's a good chance the related
public key really belongs to you. Makes sense.
But I'm still only "tracking" one person in KB space. I won't track
someone who's public key I did not vet with the usual face-to-face
dance. Doesn't mean I won't use a public key I got from KB, just that I
won't "sign" it (which is what tracking sort of implies).
I noticed that public keys on KB don't have PGP/GPG signatures of people
you track. Am realizing (now!) that makes sense because KB tracking is
not the same as the traditional PGP signing.
-- R; <><
More information about the colug-432
mailing list