conference logo

Playlist "Two decades later - Keysigning in the 2000s"

Two decades later - Keysigning in the 2000s

Tobias Mueller

The Web of Trust is the decentralised PKI in the OpenPGP world.
It depends on people participating by signing other people's keys.
However, when following best practises, the act of signing a key involves secure transfer of the OpenPGP key which contemporary casual key signing protocols for small groups address by exchanging the fingerprint of the key to be signed.
The key will then be downloaded over an untrusted channel and the key obtained needs to be manually verified.