Beyond the web of trust: how organizations can help build strongly-authenticated ties without privacy compromises

From IFF Wiki
Jump to: navigation, search


Session Description

In this workshop, we'll discuss some approaches that communities, groups, and organizations can use to securely share information about GPG keys' validity in order to take advantage of in-person meetings & exchanges, but without the privacy compromises of the standard web of trust. Depending on participant makeup, we'll focus on a few core strategies: organizational certification keys and cross-organization certification; hidden and non-exported individual signatures; and private key-exchange.

Beyond the web of trust: how organizations can help build strongly-authenticated ties without privacy compromises
Presenter/s Tom Lowenthal
Organization Committee to Protect Journalists
Bio/s Tom Lowenthal is a technologist & activist with a special fascination for operational security & grassroots surveillance self-defense. He believes strongly in individual privacy & personal freedom and tries to avoid making eye contact with security cameras — which is not nearly as effective as he thinks it is. He's currently Staff Technologist at the Committee to Protect Journalists where he works to make the Internet and the tools, platforms, & devices that connect to it safe places for the practice of journalism without fear of censorship or reprisal. He has previously worked as Project Coordinator at the Tor Project, Paranoia Advocate at Mozilla, and as a freelance tech policy & security writer for Ars Technica. You might find him as @flamsmark on Twitter and his GPG key's fingerprint is 1ADE 9951 1A97 95FA 3557 53DC 51E7 1B75 4A09 B187.
Language English
Topics

Session Comments