incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Franklin, Matthew B." <mfrank...@mitre.org>
Subject RE: key signing
Date Mon, 08 Oct 2012 11:44:57 GMT
>-----Original Message-----
>From: Marvin Humphrey [mailto:marvin@rectangular.com]
>Sent: Friday, October 05, 2012 8:54 PM
>To: general@incubator.apache.org
>Subject: Re: key signing
>
>On Fri, Oct 5, 2012 at 8:55 AM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
>> It's good to recommend people to get their keys signed by someone in
>> the Apache web of trust and I think we could do more in that area,
>
>Maybe if we didn't insist on face-to-face meetings we'd get better adoption
>rates.
>
>Apache dev docs:
>
>    http://www.apache.org/dev/openpgp.html#wot-link-in
>
>    How To Link Into A Public Web Of Trust
>
>    In short, expect that:
>
>        *   this will involve a face-to-face meeting
>
>GnuPG docs:
>
>    http://www.gnupg.org/gph/en/manual.html#AEN84
>
>    A key's fingerprint is verified with the key's owner.  This may be done in
>    person or over the phone or through any other means as long as you can
>    guarantee that you are communicating with the key's true owner.

+1.  I think with technologies like Skype & Google Hangout, we can get the same level
of assurance of a person's identity as a physical key signing party.

What if we held a regular Google Hangout Key Signing party?  We can always ask participants
to show IDs :)

>
>Marvin Humphrey
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message