11 Mar
2018
11 Mar
'18
1:17 p.m.
On 2018-03-11 03:45 PM, Bob Jonkman via talk wrote:
I do recommend that the keymaster for a keysigning event generates a key specifically for that event.
We tried a formal keysigning party at GTALUG once. It was a lot of work and I think we extended the Web of Trust by four people. The WoT assumes that the underlying code and algorithms aren't broken, which very few people are in a place to verify. They also require that everyone in the WoT practises the very best key hygiene: people are fallible; see last year's leak of the private key for Adobe's incident response team. cheers, Stewart