Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo

To: Dashamir Hoxha <dashohoxha@gmail.com>
Cc: debconf-discuss@lists.debian.org, debconf-announce@lists.debian.org
Subject: Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
From: Gunnar Wolf <gwolf@debian.org>
Date: Tue, 14 Jun 2022 10:20:26 -0500
Message-id: <[🔎] YqinOkzzzfxWj8Lz@mosca.iiec.unam.mx>
In-reply-to: <[🔎] CAMucfLxm_cyAYVuBkW-iSJiYnJN2njSE746iFHaf6vcWz5xL6g@mail.gmail.com>
References: <Yqe54LPE+Er2XxQ5@mosca.iiec.unam.mx> <[🔎] CAMucfLxm_cyAYVuBkW-iSJiYnJN2njSE746iFHaf6vcWz5xL6g@mail.gmail.com>

Dashamir Hoxha dijo [Tue, Jun 14, 2022 at 03:20:07PM +0200]:
> On Tue, Jun 14, 2022 at 12:28 AM Gunnar Wolf <gwolf@debian.org> wrote:
> 
> >
> > Most of you are aware that the keyserver network is currently in a
> > quite weak status; please ensure we can find your updated keys at
> > several different keyservers (at least, by uploading them); I suggest
> > you try something like the following:
> >
> >(...)
> 
> Is it possible to avoid the keyserver network somehow? Because as you
> mentioned, it is failing, and also it is not recommended to use it anymore
> (as far as I know).

It is failing due to a couple of weaknesses in the interaction model
between servers, but some people (me included) are working to save it
from dying. Still, I cannot by far promise you it will continue
working, and for how long.

Key distribution servers are a fundamental part for the Web of Trust,
the basic model for trusting on somebody's identity via their key's
certifications.

> For example, instead of uploading the fingerprint, we can upload the public
> key itself somewhere, in a public place, or send it by attachment to a
> coordinator.

That would be suboptimal, as the key has to be available to every
participant who has to sign your key. I will most likely, though, put
the keys on a keyring somewhere in https://people.debian.org/~gwolf,
but that solves only a part of the problem: You will be able to get
some identifcations, but making the world know you have certified
somebody's keys gets much trickier.

> Maybe I am missing something. Maybe a keysigning party makes no sense
> without a keyserver infrastructure. I am not sure.

It does make sense, but it is a bit harder. Nowadays, we _still_ have
keyservers, and they _still_ network together. Some of us will do our
best to keep the infrastructure alive. DebConf22 will have keyserver
infrastructure available, trust me :-]

But keysigning has been done since before keyservers were a thing;
keyservers make many things easier, although are not fundamental for
the WoT to work.

Anyway... I guess you can see I have many things to say about this ;-)
See you in Kosovo, and we will be able to discuss in person. And of
course, see you in:

    https://debconf22.debconf.org/talks/31-openpgp-web-of-trust-a-way-forward/

Reply to:

Follow-Ups:
- Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
  - From: Dashamir Hoxha <dashohoxha@gmail.com>

References:
- Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
  - From: Dashamir Hoxha <dashohoxha@gmail.com>

Prev by Date: Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
Next by Date: Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
Previous by thread: Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
Next by thread: Re: DebConf22: Call for keys for keysigning in Prizren, Kosovo
Index(es):
- Date
- Thread