incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: key signing
Date Mon, 08 Oct 2012 18:46:59 GMT
On Mon, Oct 8, 2012 at 8:51 AM, Branko ─îibej <brane@apache.org> wrote:

> It says clearly, "as long as you can guarantee that you are
> communicating with the key's true owner." Which was exactly my point.

I assert a "virtual key-signing party" protocol incorportating Google Plus
Hangouts could offer comparable assurances to a face-to-face key signing
party.  I speculate that such a protocol would utilize the "Hangouts On
Air"[1] feature which archives the hangout video directly to YouTube, along
with possibly mailing list interaction and commits to ASF version control to
achieve a layered approach a la multi-factor authentication.  Arguably, having
archived video would make the virtual protocol _stronger_ than face-to-face.

Whether such an initiative would be worth the effort is a different question,
but video conferencing should not be dismissed out-of-hand as a tool for
helping to associate a key with the key's true owner.

[1] http://www.google.com/+/learnmore/hangouts/onair.html

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message