Beyond the web of trust: how organizations can help build strongly-authenticated ties without privacy compromises
In this workshop, we'll discuss some approaches that communities, groups, and organizations can use to securely share information about GPG keys' validity in order to take advantage of in-person meetings & exchanges, but without the privacy compromises of the standard web of trust. Depending on participant makeup, we'll focus on a few core strategies: organizational certification keys and cross-organization certification; hidden and non-exported individual signatures; and private key-exchange.
|Beyond the web of trust: how organizations can help build strongly-authenticated ties without privacy compromises|
|Organization||Committee to Protect Journalists|
|Bio/s||Tom Lowenthal is a technologist & activist with a special fascination for operational security & grassroots surveillance self-defense. He believes strongly in individual privacy & personal freedom and tries to avoid making eye contact with security cameras — which is not nearly as effective as he thinks it is. He's currently Staff Technologist at the Committee to Protect Journalists where he works to make the Internet and the tools, platforms, & devices that connect to it safe places for the practice of journalism without fear of censorship or reprisal. He has previously worked as Project Coordinator at the Tor Project, Paranoia Advocate at Mozilla, and as a freelance tech policy & security writer for Ars Technica. You might find him as @flamsmark on Twitter and his GPG key's fingerprint is 1ADE 9951 1A97 95FA 3557 53DC 51E7 1B75 4A09 B187.|