incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: key signing
Date Mon, 08 Oct 2012 20:45:54 GMT
On Mon, Oct 8, 2012 at 7:46 PM, Marvin Humphrey <marvin@rectangular.com>wrote:

> On Mon, Oct 8, 2012 at 8:51 AM, Branko ─îibej <brane@apache.org> wrote:
>
> > It says clearly, "as long as you can guarantee that you are
> > communicating with the key's true owner." Which was exactly my point.
>
> I assert a "virtual key-signing party" protocol incorportating Google Plus
> Hangouts could offer comparable assurances to a face-to-face key signing
> party.  I speculate that such a protocol would utilize the "Hangouts On
> Air"[1] feature which archives the hangout video directly to YouTube, along
> with possibly mailing list interaction and commits to ASF version control
> to
> achieve a layered approach a la multi-factor authentication.  Arguably,
> having
> archived video would make the virtual protocol _stronger_ than
> face-to-face.
>
> Whether such an initiative would be worth the effort is a different
> question,
> but video conferencing should not be dismissed out-of-hand as a tool for
> helping to associate a key with the key's true owner.
>
> [1] http://www.google.com/+/learnmore/hangouts/onair.html
>
>
I think that Branko may have been thinking text messages when the word
skype came up.  Video conferencing is at least as good as voice and, as you
say, with archiving can be pretty powerful.  To my mind, though, there is
definitely something nice about having somebody's passport in your hand and
pretending you know what to look for to spot a fake.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message