-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
>> As do I, and frankly can't figure out the purpose of unrecognizable
>> nicknames, but then again, I don't understand key signing parties
>> either.
>
> My understanding of them comes under the heading of security theater,
> in that they protect against a pretty uncommon threat and the step
> taken to mitigate this threat is about on the level of seizing water
> bottles in airports.
Actually, key signing parties are very useful. Being able to securely
communicate with other people, with a certain level of guarantee
that you are speaking with the correct person, is important, but there
is another advantage: digital signatures. People who have met me and
signed my key, for example, can be really damn sure that the Postgres
tarballs they downloaded are the same ones I encountered at a certain
point in time, and that I created the exact checksums listed, i.e.
http://www.gtsm.com/postgresql-20100518.gpg.txt
Personally, I'm a lot more worried about someone slipping a bogus
tarball into random mirror X than about encrypting email to the
wrong person, but it's nice to know that PGP is able to counter
both those problems.
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 201005180104
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAkvyIKoACgkQvJuQZxSWSsjHugCghVFYUXF6k25UUSYEev7OuIHV
uWoAnjy3Du8cVXssyRqhu/o7ny/2s5aK
=+alC
-----END PGP SIGNATURE-----