[ale] Keysigning get-together?

Sun Oct 23 01:05:42 EDT 2011

On Fri, 2011-10-21 at 20:38 -0400, Jim Lynch wrote: 
> On 10/21/2011 02:06 PM, Michael Trausch wrote:
> >
> > I would like to know if anyone has any interest in doing a PGP 
> > keysigning get-together.  My motivation is, of course, that I need 
> > signatures on my key. :)
> >
> > Would anyone else be interested?
> >
> >
> I hate to be the dissenting member but why?  I don't understand what we 
> information we interchange amongst us that need such security.  If we 
> were collaborating on some top secret project then sure, but I haven't 
> seen any topic that merits this level of security.
> 
> I thought we were a bunch of individuals that were interested in Linux 
> and wanted to share our experiences, or were looking for assistance with 
> respect to Linux not extremest radicals wanting to take over the world.
> 
> I have no reason to communicate with anyone on this list any information 
> that I wouldn't what someone else to view.  Is everyone as paranoid as 
> Aaron?
> 
> Not that I don't want it to happen, but what's the point?  I'm not Aaron.

All of my preceding rant aside, I totally forgot the most important
point and the number one most important reason...

This happened just recently on this list with someone asking for help.
It ended up that they contacted me with confidential details which could
not be communicated in an open forum or in unencrypted communications.
They send it to me encrypted to my PGP keys which are well known and
well established throughout the community.  I was able to read their
message and respond.  I responded to their keys.

Oh, then they find out they no longer have the secret key to their
public key (presumably) because of a backup bobble and they could not
read my response.  Now they have to create new keys and start everything
again from scratch.  Not good.  Very not good when you are in a bind and
you NEED them.  There are times when you need this the most and you need
to get it right have have it work from first principles the first time
and screwups are costly.

The point is this...  We do this to use and practice our encryption
practices.  Otherwise, when it comes to needing them, we WILL FAIL.  I
use my keys every day.  I work with cryptography every day.  The rest
(most) of you do not.  How do you know you will know what to do and to
do it right if you have not done it before and practiced it?  This is
what this is.  It's re-enforcing the entire infrastructure and it's
practicing the procedures that need to be followed.

The Ham operators have it right.  A Haiti incident comes very rarely and
few are involved.  A Katrina incident is a bit more common and far more
are involved.  But we practice on our nets and we take classes and we go
through these exercises time and time again so, when the time comes we
just KNOW what to do.  I will probably NEVER be involved in a Haiti or
Katrina type incident in my entire life, but I will know how to react
and how to deal and know what to do.

You want a single reason why?  That's it.  So we practice and exercise
and we know what to do so we can do it when we need it.  The time to
learn is NOT the time when you need it and you will never be able to
predict if you will need it or when you will need it.

That's the main reason.  All other reasons aside as mere icing on the
cake, that one reason is reason enough.  So that we are prepared when
the time comes that we need it.  That's reason enough.

> Jim.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 478 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20111023/2bdc2fe9/attachment.bin 