Re: [Debconf-discuss] GPG Key Management Best Practices BoF
Michael Shuler dijo [Sun, Aug 01, 2010 at 10:03:36PM -0500]:
> I volunteered to add an AdHoc Session and I'm thinking about the time
> slot just prior to the main KSP session on Friday evening - opinions?
> (it's a related topic and after looking through the rest of the
> schedule, I don't wish to step on any other talks)
>
> The Carman dorm basement was suggested as a possibly good place to hold
> the KSP (not final, yet), so I'd like to have this BoF in the same location.
>
> Discussion / debate could be about what are good best practices for key
> security, subkey usage, smartcards and USB keys, expiration, etc.
>
> I am not an expert on the topic, so would enjoy learning more about how
> people manage their digital identity - you interested? :)
FWIW, I have been waiting and willing for other people to come up and
exchange signatures. That has still not happened, not even once. I
know that I have cross-signed with many of the usual suspects last
year in Cáceres (I started using a 4096R key back then)... But so far,
the one-to-one keysigning is IMO inexistent. I will try to (find time
to) get it kickstarted tomorrow.
Also FWIW, I do not plan to take part on any massive key signing
party. I do not really believe they add up to our keyring's real trust
- It's much better to cross-sign people based on you knowing them
rather than on identifying their passport. I am more than willing to
sign whatever the people I have come to meet i.e. as Daniel Gilmore,
Richard Darst, Jeremy Baron, Kevin Mark, or several others I've really
met and worked with during the past week without seeing their
respective IDs than a random person I have never met that shows me
their passport.
Reply to: