Hi, On Wednesday 09 May 2007 19:42, Manoj Srivastava wrote: > Better yet, go read all the threads concerning the event from > last May, and come back if you have anything new to add. Unfortunatly I have read them all. And I still have something to add: Keysigning is a game and weasel won. http://ftp.ccc.de/congress/22C3/lectures/video/mp4/720x576/22C3-545-en-web_of_trust.mp4 http://events.ccc.de/congress/2005/fahrplan/attachments/685-slides_breaking_down_the_web_of_trust.pdf For example: I have very little idea how individuals secure their computer(s) and their key - anybody running binary only software on the computer? (Do you use linuxbios?) You loose... So I shouldn't trust any single key to propagate trust further down the link. _If_ I have many pathes to a second hop, I might decide to "trust" this 2nd hop too, so I consider keysigning still useful. Also, IDs are fakeable, should I trust government_s_ and _people_? Also, even very careful, "trustworthy" people make mistakes. One single mistake (in the keys lifetime after signing it) can compromise an individuals key. And it's very likely that neither the individual nor the rest of the world will ever notice. There are more points, but I'm too lazy sum them up here and now. Please watch the video, before you continue this thread. What madduck did, was to show a _single_ flaw^wissue in a very complex system. Can "we" please get over it and get on? Thanks. There is no need to repeat the thread from last year. (This is not targeted at the other part of this thread where people are trying to make the keysigning more meaningful and more secure.) regards, Holger, who stills signs keys. Security is a chain, and we need to make the links stronger. All the time. But believing we can create security, is superstition.
Attachment:
pgpVSks7fRsRj.pgp
Description: PGP signature