Home > GnuPG > RFC: Using video conferencing for GPG key signing events

RFC: Using video conferencing for GPG key signing events


A thought that I haven’t had a chance to fully consider (so I’m asking the Internet to do that for me)…

I have a geographically-diverse team that uses GPG to provide integrity of their messages.  Usually, a team like this would all huddle together and do a formal key-signing event.  With several large bodies of water separating many of the team members, however, it’s unlikely that we could even make that work.

The alternative I thought of was using a video chat meeting to facilitate the face-to-face gathering and exchange of information.  There are obviously some risks, here, but I wonder if those risks are suitably mitigated through the use of authenticated/encrypted links to the video chat system?  Can anyone point to why this would be a bad idea?

Advertisements
Categories: GnuPG Tags: ,
  1. Stephen Smoogen
    2015-09-24 at 12:12 EDT

    I think the risks of using video conferencing are probably less than most of the risks that come at signing parties. Since it is very hard to confirm that a drivers license is not fake.. (and a fake one only costs $20->100) how confident that doing something in person is actually any “better”

    • 2015-09-24 at 12:14 EDT

      Good point. Perhaps using a more directed “by invitation” method might even be more secure.

    • 2015-09-24 at 14:34 EDT

      well, in Europe (UK being the exception) most people have government issued IDs, and if we’re talking about travelling over the big pond, you need passport anyway. Those are much harder to fake.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s