PGP/GnuPG Key Signing & CACert Assurer Gathering

Track: BOF
Date: Thursday, July 27
Time: 8:00pm - 9:00pm
Location: E142

Moderated by Andrew Sweger,, Inc.

For coordination instructions, see KeySigningBOF

From the GnuPG Keysigning Party HOWTO:

1.1 What exactly is a key signing party? A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each others keys. Key signing parties serve to extend the web of trust to a great degree. Key signing parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty, and even implementing encryption technologies or perhaps future work on free encryption software.

1.2 What is key signing?

Key signing is act of digitally signing a public key and a userid packet which is attached to that key. Key signing is done to verify that a given user id and public key really do belong to the entity that appears to own the key and who is represented by the user id packet.

You can digitally sign your own public key and an associated id on that key, or another entity's public key and associated public key packet.

In a sense, key signatures validate public keys. They are an endorsement of validity of a public key and associated id by a third party. This is the way in which key signing builds the web of trust.