RFC: Using video conferencing for GPG key signing events

Thu 24 September 2015

A thought that I haven't had a chance to fully consider (so I'm asking the Internet to do that for me)...

I have a geographically-diverse team that uses GPG to provide integrity of their messages.  Usually, a team like this would all huddle together and do a formal key-signing event. With several large bodies of water separating many of the team members, however, it's unlikely that we could even make that work.

The alternative I thought of was using a video chat meeting to facilitate the face-to-face gathering and exchange of information. There are obviously some risks, here, but I wonder if those risks are suitably mitigated through the use of authenticated/encrypted links to the video chat system?  Can anyone point to why this would be a bad idea?

By Sparks, Category: Information Security

Tags: GnuPG / gpg keys / key signing / OpenPGP /