[TriLUG] Newly generated gpg keys
stinkfart at gmail.com
Tue May 16 16:22:22 EDT 2006
On 5/15/06, Tanner Lovelace <clubjuggler at gmail.com> wrote:
> Actually that was Magnus's doing so I'll let him explain.
Yeah I used to be much more involved and fired up about GPG and building the
web of trust. I maintained a keyring on the TriLUG web server and often
built relationship graphs like the ones that Nivex is messing with now.
Biglumber was the de facto place to go to find other people who would be
willing to sign your key, and to find key signing events. Back in the day,
TriLUG had (IIRC) the largest keyring on Biglumber and the most active
regular keysigning events tracked by that site.
My reasons for losing interest were twofold:
1) Many people would show up at keysigning events, go through all the
motions, and then never actually sign my key. I was fairly well connected
at the time and it kind of cheesed me off that people were using me for my
sig but not returning the favor. I did suggest that Biglumber institute a
key escrow to prevent stuff like this from happening and it looks like they
do have it now, which eliminates one of my two major gripes.
2) Nobody ever really used it. I would send encrypted emails to people that
I had directly exchanged keys with and they would complain that they didn't
have GPG installed against their MUA so could I please re-send in
plaintext? I've gotten to the point where I don't have GnuPG installed on
my MUA either. The general apathy about email security is very regrettable
and I don't really have the time or energy to be an evangelist to try to get
people to care more about this.
I'm glad that there is a recent increase in interest. If I find people are
actually using it, I might pick it up again and dust off my old key. I
think most of my signatures on it are probably expired as many people set
their signatures to expire coinciding with a scheduled expiration of my key
(I often set my key to expire a year out, and then change the expiration
when the date got close, so that if my key ever fell into disuse it couldn't
The minor nit I still have, and I don't have a great answer about, is that
my legal name is only used for legal purposes and does not match my name
that I use socially and professionally. Few will want to sign a key that
doesn't have matching photo ID. Heck, *I* wouldn't want to sign a key that
didn't have a matching photo ID (and this has gotten more than a couple of
people unhappy with me in the past).
"The accumulation of all powers, legislative, executive, and judiciary, in
the same hands…may justly be pronounced the very definition of tyranny."
—James Madison, Federalist Paper No. 47
More information about the TriLUG