RFC: Using video conferencing for GPG key signing events

Thu 24 September 2015

A thought that I haven't had a chance to fully consider (so I'm asking the Internet to do that for me)...

I have a geographically diverse team that uses GPG to provide integrity of their messages. Usually, a team like this would all huddle together and do a formal key-signing event. With several large bodies of water separating many of the team members, however, it's unlikely that we could even make that work.

The alternative I thought of was using a video chat meeting to facilitate the face-to-face gathering and exchange of information. There are obviously some risks here, but I wonder if those risks are suitably mitigated through the use of authenticated/encrypted links to the video chat system. Can anyone point to why this would be a bad idea?

By Sparks, Category: Information Security

Tags: GnuPG / gpg keys / key signing / OpenPGP

Other articles

Inadvertent data leakage from GnuPG

Mon 01 July 2013

I was recently introduced to a privacy issue when refreshing your OpenPGP keys using GnuPG. When refreshing your public key ring using a public key server, GnuPG will generally use the OpenPGP HTTP Key Protocol (HKP) to synchronize keys. The problem is that when you do refresh your keys using …

By Sparks, Category: Information Security


Hashing Algorithm: Is your GPG configuration secure?

Thu 21 February 2013

If your email messages are being signed using SHA-1 you may not be getting the security you think you are. Attacks on the hashing algorithm have caused much pain to those that use it.  Luckily SHA-2 is available and hopefully we'll start seeing SHA-3 out in the world soon.

You've …

By Sparks, Category: Information Security


Expiring OpenPGP keys...

Mon 19 October 2009

A discussion was had on one of the Fedora IRC channels months ago about the "proper" way to handle expiring GPG keys without breaking the web of trust. It was my opinion that generating new keys every so often (yearly?) would increase the security of the overall …

By Sparks, Category: Information Security
