Did you ever go to a key signing party?

The 90s (ish) popularised the idea that, to protect yourself against spies, you could meet your trusted associates in real life and physically verify their identity as you digitally signed each other’s PGP keys. Thanks to the magic of mathematics, your Quake serialz could be exchanged in peace and your super-important IRC logs could be assuredly untampered-with.

I see the web of trust is still a popular thing to try to grow at conventions.

My main reason for not bothering is that I never felt there was a moment where a message’s authenticity couldn’t be adequately inferred from context or TOFU. Maybe I just don’t run in dangerous enough circles to attract men in the middle.

But now that we have automated machines that can confect context and appear highly authentic, perhaps human-to-human verification of keys could stand to go mainstream.

Tags

cryptography-yeah-actual-cryptography-not-crypto


Proxied content from gemini://lab6.com/mlog/2026/03/31/key-signing-party/ (external content)
