Hacker News
by pjc50 42 days ago
The IRL social network is actually the important part of the trust structure.

The only one of these I've seen that really worked was the Debian developer version: you had to meet another Debian developer IRL, prove your identity, and only then could you get the key signed and join the club.

2 comments

> The IRL social network is actually the important part of the trust structure.

For Debian-style applications that are 100% about openness and 0% about secrecy, sure.

But if you want to secure communications between pro-democracy activists in China, or you're a Snowden-like whistleblower wanting to securely communicate with journalists - y'all probably don't want to be vouching for one another's keys.

I participate in developing anti-censorship tools. Chinese are a significant population, and it has some overlap with activists there. In practice, identity settles at "who controls this email address".

Self-signed PGP is very occasionally used to prove continuity across channels or addresses. Cross-signed basically never.

You need to meet 2 actually :)