[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keysigning via Video Conferencing

Jonas Smedegaard dijo [Thu, Jun 23, 2016 at 10:30:21PM +0200]:
> I sign keys by a similar policy as Gunnar, it seems.  But I do sign also 
> people I have not met before...
> The logic I use is that I should be able to re-identify later.  If I 
> meet the person later I might have forgotten their name (I easily do) 
> but if they remind me and tie it to something we talked about or did 
> together, I should go "Ahhh!" rather than "hmmm".
> It is a balancing act.  Easiest is to only trust your mother and very 
> close friends through many years, but you also want to expand the web of 
> trust (and maybe also social circles, but that is a _different_ matter).

Excelent! I knew you were a good friend to keep around ;-)

> I think what can help here is expiry time on signatures: If my gut 
> feeling says that the person I've discussed perl with for an hour does 
> not really etch into my brain that efficiently, and I worry if we bump 
> into each other, say 3 years from now, then I would've forgotten who it 
> is.  What I then do is sign but with an expiry of the key of 1-2 years.
> Expiry on signatures is relatively new to me, however, so I welcome 
> input on how that is sensible or not.  And also on how to eventually 
> extend the lifespan.

OK, so the people that agree with Jonas are exempt from attending my
session in DebConf, Monday 2016.07.04, 4PM. I expect to show some
pretty graphs and talk about how I have been having fun with the
keyring lately :-) So welcome to join, or to stream. Or to see later,
of course!

Attachment: signature.asc
Description: Digital signature

Reply to: