364: Responsible Behavior
Title text: Never bring tequila to a key-signing party.
In order to receive encrypted mail from people, you need to have a public key. This will let people encrypt emails to you that only you can read. However, there is the problem of authentication, how do you know for certain that key X belongs to person Y, someone could just have made a fake key so they can decrypt and read your mail and then pass it on to the real recipient (reencrypting it, so he doesn't know that you've read it). This is called a man-in-the-middle attack.
One solution for this is that people sign each other's keys. It works like this: say you want to send an email to Bob, but you've never met him. You find his key online (they are stored on certain servers, like cryptographic phone books), but how can you be sure that it's really his? Well, turns out that you have a friend Alice, and you have her key and you know that it is hers. If Alice has signed Bob's key with her key (which only she can do, you need the secret part of the key-pair), it means that she's dead certain that that really is Bob's key (maybe they are friends, or have met somewhere in real life). So then you can be sure that Bob's key is genuine (since you have a common friend, Alice) and that your communications will be safe.
A key-signing party is simply a super-geeky party where people meet in real life so that they can be sure of people's identity and then everyone signs everyone else's key. It's a good way to expand the web of trust. The joke here (which totally is not funny if you explain it, but I found it hilarious when I read ) is that he has no idea who this girl is and yet he signed her key. The humor lies in the juxtaposition of what you expect (that they screwed) and what is the case (they signed each other's key, also known as geek-sex).
- [Cueball on phone]
- Voice: Hey, I just got home from the party
- Cueball: The one with the IRC folks?
- Voice: Yeah.
- Cueball: How was it?
- Voice: Got too drunk. I screwed up, bad.
- Cueball: What happened?
- Voice: There was a girl. No idea who she was. Don't even know her name. I was too drunk to care.
- Cueball: And what, you slept with her?
- Voice: No.
- Voice: I signed her public key.
- Cueball: Shit, man.