workshop: Improving the Web of Trust with GNOME Keysign
Making signing OpenPGP keys suck less
The keysigning problem helps to strengthen the Web of Trust which is the decentralised PKI in the OpenPGP world.
It depends on people participating by signing other people's keys.
However, when following best practises, the act of signing a key involves secure transfer of the OpenPGP key which contemporary casual key signing protocols for small groups address by exchanging the fingerprint of the key to be signed.
The key will then be downloaded over an untrusted channel and the key obtained needs to be manually verified.
We will see a less stressful approach to signing keys which makes it easy to sign a person's key.
It enables very small groups of people to casually hold very small key signing parties.
The key idea is to automatically authenticate the key material before the transfer via a secure audible or visual channel.
A Free Software implementation of the protocol will be shown and people are invited to sign their keys :-)