IETF Logo Mail Archive

Re: [75attendees] No PGP Key Signing session??

Ted Lemon <Ted.Lemon@nominum.com> Tue, 28 July 2009 12:00 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: 75attendees@core3.amsl.com
Delivered-To: 75attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6963F3A6ECA for <75attendees@core3.amsl.com>; Tue, 28 Jul 2009 05:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.247
X-Spam-Level:
X-Spam-Status: No, score=-6.247 tagged_above=-999 required=5 tests=[AWL=0.352, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m+7B2TuiVBx3 for <75attendees@core3.amsl.com>; Tue, 28 Jul 2009 05:00:08 -0700 (PDT)
Received: from exprod7og121.obsmtp.com (exprod7og121.obsmtp.com [64.18.2.20]) by core3.amsl.com (Postfix) with ESMTP id 0E3EB3A6E9D for <75attendees@ietf.org>; Tue, 28 Jul 2009 05:00:05 -0700 (PDT)
Received: from source ([64.89.228.229]) (using TLSv1) by exprod7ob121.postini.com ([64.18.6.12]) with SMTP ID DSNKSm7oRYay3zitPKJQ1nfLd3/435LBqA8a@postini.com; Tue, 28 Jul 2009 05:00:10 PDT
Received: from webmail.nominum.com (exchange-10.nominum.com [64.89.228.57]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "exchange-10.win.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id E5B7D1B8362; Tue, 28 Jul 2009 05:00:04 -0700 (PDT)
Received: from exchange-10.WIN.NOMINUM.COM ([64.89.228.57]) by exchange-10.WIN.NOMINUM.COM ([64.89.228.57]) with mapi; Tue, 28 Jul 2009 04:59:53 -0700
From: Ted Lemon <Ted.Lemon@nominum.com>
To: Iljitsch van Beijnum <iljitsch@muada.com>, Pete Resnick <presnick@qualcomm.com>
Date: Tue, 28 Jul 2009 04:59:53 -0700
Thread-Topic: [75attendees] No PGP Key Signing session??
Thread-Index: AcoPeZofvBrdSD2xQ1KAUaienoNwiAAAEr4F
Message-ID: <23CEFBAC26A6814695D4872E1CE3B1AC06C14404@exchange-10.WIN.NOMINUM.COM>
References: <87prblgxjn.fsf@tower.fukt.bsnet.se> <4B4DFB71-0170-4E3B-8E6C-B9D285DF237F@muada.com> <p0625011bc69462be37e5@[10.4.39.11]> <B575FAE6-39E3-4DDE-B59F-A95E7E731309@muada.com> <p06250100c694904384c2@[130.129.22.212]>, <B586EC41-F953-4B15-A278-6F13B72CF68D@muada.com>
In-Reply-To: <B586EC41-F953-4B15-A278-6F13B72CF68D@muada.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "75attendees@ietf.org" <75attendees@ietf.org>
Subject: Re: [75attendees] No PGP Key Signing session??
X-BeenThere: 75attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <75attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/75attendees>, <mailto:75attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/75attendees>
List-Post: <mailto:75attendees@ietf.org>
List-Help: <mailto:75attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/75attendees>, <mailto:75attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 12:00:09 -0000

On Tuesday, July 28, 2009 4:45 AM, Iljitsch van Beijnum

> So why not sign the key without the person and the badge? Isn't it
> good enough to know the link between the key and the email address?

You can in fact do this if they've been signing their communications all along, and you have been tracking that.   This would be entirely reasonable.   But if you've never seen their key before, the f2f contact is a useful shortcut - you automatically track the relationship between faces and identities.  It would be unwise to sign the key of a person you have only just met, because you have not yet developed a meaningful comparison between that peson on email and that person at the meeting.

E.g. i would be comfortable signing your key because I've been exchanging email with you for years *and* arguing with you at f2f IETF meetings for roughly the same number of years.

v2.23.0 | Report a Bug | By Email