On 18/10/13 22:26, Brian J. Murrell wrote: > Right. They key signing party relies on a means of communication that > can be considered authenticated. It could be e-mail (closed corporate > e-mail system, not an "across the Internet e-mail) or it could be > "credentials required" (again, closed, corproate) instant messaging for > example.
I don't think I myself would consider that enough verification to sign a key. Too many other communication components involved. I was more thinking along the line of a Zimmerman-Sassaman protocol key signing party where the HR person is present and every line on the list is done as follows: Person on list: "Yes, entry 42 is indeed the fingerprint of my key" HR person: "Yes, this person is indeed the person listed at entry 42" This would be a considerable speedup for the ID verification stage, still presuming that you trust HR to properly verify someone's identity. I don't think this would still be a "virtual" keysigning party, though :). HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
