On Friday, September 21, 2001, at 11:04 AM, V Alex Brennen wrote:

A key-signing party is a get-together with PGP users for the purpose of meeting other PGP users and signing each other's keys. This helps to extend the "web of trust" to a great degree. Also, it sometimes serves as a forum to discuss strong cryptography, computer security, and related issues.

Required Items?

1. Physical attendance 2. Positive picture ID 3. A printout of your PGP key's fingerprint information 4. A pen/pencil or whatever you'd like to write with

It's too bad so many people are so confused about what a "Web of Trust" is. Do I need a "positive picture ID" of Lucky Green to communicate with him securely? Black Unicorn? Pr0duct Cypher? Eric Hughes? Attila the Hun? The notion that a particular credential with a picture on it means anything, or should be given weight, is one of the most dangerous ideas there is. For the obvious reasons. As a hint, the people you _don't_ want to trust are a helluva lot more likely to have nice, neat picture IDs than people like Lucky Green are. --Tim May (not my true name)