Uncategorized

Key signing party

I have a reputation for being a bit of a privacy freak. Given that, it’s a little odd that I didn’t have a PGP key until 2004, since cypherpunks and privacy freaks tend to love PGP.

What’s even more odd is that, until today, I’d never been to a key signing party! We had a small one at work, so I finally have some signatures on my key. Very cool.

From a sociological point of view, the evolution of key signing parties is utterly fascinating. If you’re not a geek, it’s similar to being in the mafia. Mobsters are constantly meeting new recruits and business associates, but they have to be careful about who they trust. So, when they bring someone new into the fold, they “vouch” for them.

This is usually good enough, but sometimes they need to work with someone new, or from out of town. (Understandably, that happens pretty often.) They might not know the new person directly, but they might know someone else who will vouch for them. If they’re lucky, they might even have two or three friend-of-friend links. It’s not quite as good as vouching directly, but it’s close.

Key signing parties are basically the same thing, but with computers, crypto, geeks, and a healthy dose of paranoia. Similar to La Cosa Nostra, key signing parties have developed a fair amount of structure, coordination, and even etiquette. For example, ironically, laptops and PDAs are frowned upon, since the goal is to verify identities and keys out of band, in person.

It was great, geeky fun. Now that I know the ropes, I’ll have to go to another one. On an unrelated note, happy Friday the 13th!

Standard

One thought on “Key signing party

Leave a Reply

Your email address will not be published.