#weboftrust — Public Fediverse posts

A riveting saga of nerds spending a year rearranging deck chairs on the Arch Linux #Titanic 🚢💻. Spoiler: it involves more acronyms than a government agency 🥱. But hey, at least the Web of Trust and the Berblom algorithm are now free to roam the wilds of irrelevance 🤖.
https://devblog.archlinux.page/2026/a-year-of-work-on-the-alpm-project/ #ArchLinux #WebOfTrust #BerblomAlgorithm #NerdLife #TechSaga #HackerNews #ngated

Ah, yes, the Linux Kernel's #PGP Web of Trust—because nothing screams "cutting-edge technology" like a system built on the tattered remains of #keyserver networks 🤦‍♂️. Who needs simplicity when you can have a Byzantine key repository maintained by a single guy named Konstantin? 🔐🔑
https://blog.kleine-koenig.org/ukl/the-linux-kernels-pgp-web-of-trust.html #LinuxKernel #WebOfTrust #Security #Technology #Humor #HackerNews #ngated

The latest Cryptomator Hub release is here – and it's all about trust, control, and clarity.

With version 1.4.0, we're introducing new ways to verify identities, manage vault creation, and monitor activity more precisely.

Perfect for teams and organizations that take data security seriously.

🔍 Curious? Check out the full release breakdown on our blog: https://cryptomator.org/blog/2025/04/15/hub-1.4.0/?utm_source=mastodon&utm_medium=social&utm_campaign=hub-1-4-0

#Cryptomator #DataPrivacy #CyberSecurity #OpenSourceTools #EncryptionMatters #WebOfTrust #AuditTrail #ZeroKnowledge

@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice

This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.

11/25/2024: Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult, PCMag

As I wrote last week, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.

11/27/2024: The man who gave us the web is building a better digital wallet, Fast Company

My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like two years ago, Harry asked most of the questions and then wrote up our conversation.

11/29/2024: Real or Imposter? How to Verify That a Bluesky Account Is Legit, PCMag

My inspiration for this how-to came from seeing some bozo try to impersonate Rep. Don Beyer (D.-Va.) on Bluesky, then wondering why my congressman had not domain-verified his account with a house.gov handle, then personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account (BART has since domain-verified its account). My editors then updated the post Sunday with details from posts Friday afternoon by Bluesky’s safety account about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”

#accountImpersonation #Bluesky #domainNameVerification #ProjectLiberty #socialMediaFraud #socialMediaVerification #SteveCrocker #TBL #TimBernersLee #VintCerf #webOfTrust #WebSummit

@resmo
Do you know the Web of Trust from #CAcert.org?
At the moment, we have very few applications that are based on this. There could easily be more ;-)
If you have an idea: welcome!

(We also have a few more ideas, but our resources are rather scarce and we can't work on more than one at a time. We want to present something new at Froscon this summer).

#weboftrust #cacert #wot #security

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT