364: Responsible Behavior
Title text: Never bring tequila to a key-signing party.
In order to send encrypted mail to people, you need to know their public key. You use this key to encrypt the email, and only they can read it (using their private key). However, there is the problem of authentication: how do you know for certain that the key belongs to the person to whom you think it does? It could be someone else masquerading as them, hoping for people to send them sensitive information. They could decrypt and read your mail, and could even re-encrypt it using the genuine public key of the intended recipient, and then pass the message onto them, leaving both you and the recipient unaware of the interception. This is a type of man-in-the-middle attack.
One solution for this is that people sign each other's keys. It works like this: say you want to send an email to Bob, but you've never met him. You find his key online (they are stored on certain servers, like cryptographic phone books), but how can you be sure that it's really his? Well, turns out that you have a mutual friend Alice, and you have her public key and you know that it is hers. If Alice has signed Bob's key with her private key (which only she has access to), it means that she's certain that that really is Bob's key. So then you can be sure that Bob's key is genuine (since you have a common friend, Alice) and that your communications will be safe.
A key-signing party is simply a super-geeky party where people meet in real life so that they can be sure of people's identity, and then everyone signs everyone else's key. It's a good way to expand the web of trust. The joke here is that he has no idea who this girl is and yet he still signed her key. This is dangerous, because he is vouching for her identity. If he is mistaken, this could result in a serious loss of credibility on his part.
The humor lies in the juxtaposition of what you expect (that they had sex) and what is the case (they signed each other's key, also known as geek-sex).
- [Cueball on phone.]
- Voice: Hey, I just got home from the party
- Cueball: The one with the IRC folks?
- Voice: Yeah.
- Cueball: How was it?
- Voice: Got too drunk. I screwed up, bad.
- Cueball: What happened?
- Voice: There was a girl. No idea who she was. Don't even know her name. I was too drunk to care.
- Cueball: And what, you slept with her?
- Voice: No.
- Voice: I signed her public key.
- Cueball: Shit, man.
add a comment! ⋅ refresh comments!