Re: [Debconf-discuss] GPG Key Management Best Practices BoF

To: Chris Knadle <chris-debian@coredump.us>, debconf-discuss@lists.debconf.org
Subject: Re: [Debconf-discuss] GPG Key Management Best Practices BoF
From: micah anderson <micah@riseup.net>
Date: Fri, 06 Aug 2010 14:33:18 -0400
Message-id: <[🔎] 8762znwpzl.fsf@algae.riseup.net>
In-reply-to: <[🔎] 20100804022519.GA5090@lethe.ofobscurity.com>
References: <[🔎] 4C563588.3080109@pbandjelly.org> <[🔎] 20100803060149.GC19331@gwolf.org> <[🔎] 20100804022519.GA5090@lethe.ofobscurity.com>

On Tue, 3 Aug 2010 22:25:19 -0400, Chris Knadle <chris-debian@coredump.us> wrote:
> On Tue, Aug 03, 2010 at 01:01:49AM -0500, Gunnar Wolf wrote:
> > Michael Shuler dijo [Sun, Aug 01, 2010 at 10:03:36PM -0500]:
> > > I volunteered to add an AdHoc Session and I'm thinking about the time
> > > slot just prior to the main KSP session on Friday evening - opinions?
> > > (it's a related topic and after looking through the rest of the
> > > schedule, I don't wish to step on any other talks)
> > > 
> > > The Carman dorm basement was suggested as a possibly good place to hold
> > > the KSP (not final, yet), so I'd like to have this BoF in the same location.
> > > 
> > > Discussion / debate could be about what are good best practices for key
> > > security, subkey usage, smartcards and USB keys, expiration, etc.
> > > 
> > > I am not an expert on the topic, so would enjoy learning more about how
> > > people manage their digital identity - you interested?  :)
> > 
> > FWIW, I have been waiting and willing for other people to come up and
> > exchange signatures. That has still not happened, not even once. I
> > know that I have cross-signed with many of the usual suspects last
> > year in Cáceres (I started using a 4096R key back then)... But so far,
> > the one-to-one keysigning is IMO inexistent. I will try to (find time
> > to) get it kickstarted tomorrow.
> 
> It can be tough to get a chance to talk to new people and find people to sign
> keys with, especially with everything that's going on.  Most of the time I
> find I'm in talks all day, with meals in-between.  However there seems to be
> more opportunity for talking and keysigning when working in the Hack Lab in
> the evening.

Yeah, this is why I thought that the process used at Debconf 7[0]
(Scotland) to put people into small groups based on optimizing
heuristically the MSD results was much better than what we did last year
(and seem to be going ahead and doing this year). 

I agree that mass keysignings aren't very useful, but I also found the
totally disorganized keysigning that we did in Spain, and here to lack
some useful structure, cohesion and discussions about best practices.

micah

0. https://debconf7.debconf.org/wiki/Keysigning

Attachment: pgp21c3ShjRyx.pgp
Description: PGP signature

Reply to:

References:
- [Debconf-discuss] GPG Key Management Best Practices BoF
  - From: Michael Shuler <michael@pbandjelly.org>
- Re: [Debconf-discuss] GPG Key Management Best Practices BoF
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: [Debconf-discuss] GPG Key Management Best Practices BoF
  - From: Chris Knadle <chris-debian@coredump.us>

Prev by Date: Re: [Debconf-discuss] Group photo information
Next by Date: [Debconf-discuss] cdn.debian.net (Re: Columbia Debian mirror
Previous by thread: Re: [Debconf-discuss] GPG Key Management Best Practices BoF
Next by thread: Re: [Debconf-discuss] GPG Key Management Best Practices BoF
Index(es):
- Date
- Thread