Re: [ncc-services-wg] Proposal for easing keysigning at meetings

[Phil Pennock <]

On 2003-09-02 at 18:43 +0200, Mans Nilsson wrote:
> Quoting Jørgen Hovland (jorgen@localhost):
> > I'm not. One reason is that I think it is a bit deprecated, and if I
> > wanted to collect stamps I would go to a stampshop.

*ROTFL*  These are a bit more useful than historical stamps, but the
character description is a fair jab.  :^)  But those of us who collect
signatures do so because it achieves something, not _just_ because it
satisfies some boyish collector instinct (I've just realised that I
don't think I've ever seen a woman at a keysigning).

> > The other is that RIPE is implementing X509 authentication. I think it would certainly be much better to do something that was
> > related to this than doing something that was not... if possible.
> 
> I disagree -- but then again I do not understand this X509 stuff.

I don't understand X509 sufficiently to make suggestions, but if it does
allow for distributed trust, such as PGP/GPG/whatever's web-of-trust,
then the proposal for RIPE doesn't exclude it.

The proposal is for "crypto keys", not "PGP keys" even though they're
the most obvious and likely beneficiary.  As far as I'm concerned, the
collected information should be treated as a blob of text.  It can be
PGP, X<nnn>, or anything else.  A bit like the early flexibility of the
RIPE database -- don't prohibit content.

The key (bad pun, sorry) is to reduce the potential for human error in
transcription and reduce the work required per key/identity
verification.

Perhaps amend the original suggestion to explicitly collect a pair,
"crypto system"/"crypto pub-key".

 Crypto: PGP / 6F99 1154 7B13 3294 F1FB  78A7 2622 C81A 9525 CBBA


Another private reply suggested that I collect private replies and
report tallies to the list.  I'm willing to do this.
-- 
Phil Pennock,  Senior Systems Administrator,  Demon Internet Netherlands
NL Sales: +31 20 422 20 00      Thus Plc      NL Support: 0800 33 6666 8