[ale] Keysigning get-together?

David Tomaschik david at systemoverlord.com
Sat Oct 22 13:05:06 EDT 2011


On 10/21/2011 08:38 PM, Jim Lynch wrote:
> On 10/21/2011 02:06 PM, Michael Trausch wrote:
>> I would like to know if anyone has any interest in doing a PGP 
>> keysigning get-together.  My motivation is, of course, that I need 
>> signatures on my key. :)
>>
>> Would anyone else be interested?
>>
>>
> I hate to be the dissenting member but why?  I don't understand what we 
> information we interchange amongst us that need such security.  If we 
> were collaborating on some top secret project then sure, but I haven't 
> seen any topic that merits this level of security.
>
> I thought we were a bunch of individuals that were interested in Linux 
> and wanted to share our experiences, or were looking for assistance with 
> respect to Linux not extremest radicals wanting to take over the world.
>
> I have no reason to communicate with anyone on this list any information 
> that I wouldn't what someone else to view.  Is everyone as paranoid as 
> Aaron?
>
> Not that I don't want it to happen, but what's the point?  I'm not Aaron.
>
> Jim.
>

Jim,

It's not just about encryption, it's about signing too.  If I were to
send out an email to the list with a link to a .deb and say "hey, I just
wrote this great web-based media application, here's the link to
install" how would you know that the message really was from me? 
Whereas if you've met me, seen my ID, and signed my GPG key, and I were
to sign that .deb and that message, you could at least know that the
person you met (or someone in control of their GPG key) was the author
of the software and the message.

Alternatively, what if one day (and I'm just using Michael as an example
since he started the thread) Michael were to say "hey, I've got a
customer who needs help with doing XYZ to his data"  (visualization,
recovery, whatever) but that data were relatively sensitive.  If I were
to help with that, we'd need a mechanism for secure data exchange.  GPG
provides such a mechanism.

Am I paranoid?  Maybe.  Do I have use cases that don't involve being an
extremist radical?  Absolutely.  Do you?  Maybe, maybe not -- your call.

Put another way: do you use encryption when you log into your email? 
Into your bank's website?  You have a use case for encryption.

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com





More information about the Ale mailing list