[TriLUG] TriLUG master pgp key

Jeremy Portzer jeremyp at pobox.com
Thu Jul 1 09:19:12 EDT 2004


On Wed, 2004-06-30 at 18:04, John Franklin wrote:
> Does TriLUG have a master PGP key?  That is, a PGP key that belongs to
> the LUG itself which not only could be used for signing LUG-originated
> documents, but would also provide a common path-of-trust for everyone in
> the LUG (who bothers to cross sign with the LUG)?  It's the sort of
> thing I would envision TriLUG cross-signing with other *UGs around the
> world (especially as more and more of us wander off) to provide a
> LUG-Web-Of-Trust.  It may mean that it is set to expire with each
> election of a new SC and one member of the SC is designated the
> Key Master.
> 

One of the purposes of PGP/GPG in my book is that it links a key/e-mail
address with a Real-Life Person.  That is, a humanoid with a first and
last name, not a pseudonym or organization.  It's not really possible to
"trust" an organization, only the people in it.  Therefore I wouldn't
really see the need for such a key; why not just use the person's own
key?

Also, putting a lot of emphasis on a central key would make it a 'weak
link' in a web of trust.  It's supposed to be a web, not a hub and spoke
system.  (Plus, keys that expire are a pain, since you often have to get
certifications [signatures] again).    I also don't know where the
private key would be stored but I suppose that could be worked out.

I do see the advantage of cross-signing with other LUG keys around the
world, if such keys exist.  Do you have examples of this in use at other
LUGs?

Just MHO though.  Any others have thoughts?  Magnus?

--Jeremy

-- 
/---------------------------------------------------------------------\
| Jeremy Portzer        jeremyp at pobox.com      trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040701/e9bfc860/attachment.pgp>


More information about the TriLUG mailing list