On Monday night a group of newcomers and old-comers got together at HacDC to share ideas and practices about securely using email in our day to day lives. As an organizer and a newcomer, I felt like I learned a bit about how email encryption works and what motivates people to come do something out of the ordinary on a Monday night.
Using GPG signatures with email is a two way street. It is useless if only one party signs their messages and no one checks the signature. This is why very few people use real digital signatures when sending email. Usually there is no one on the other end to check it. This boils down to the problem of distributing keys through public key infrastructure (PKI). The existing GPG PKI was much ragged on in the halls of my University’s CS department.
However, I was surprised by how easy it was to share keys among participants of the meet-up through the GPG key servers. While key sharing between two people who have never met each other might still be a challenge, sharing keys among friends is a solved problem. This is a good thing.
Keeping a disparate group of hungry proto-cryptographers interested in teaching each other for its own sake is separate problem. Despite the lack of structure, a presentation, or formal anything I think every participant walked away from the workshop with some new knowledge. This is also good.
I am not quite sure what the next How To Workshop will be about. However, there was interest in going deeper into the email world. This might become How To Workshop about setting up your own mail server. It seemed like a few folks in the room had done it before and learned a lot from the experience. I – however – still want to learn about flashing openWRT. So we will see who can teach what when, but look out for the next one in early December and see if you can come out!