Little Brother - Cory Doctorow

A web of trust is a bigger version of this. Say I meet Jolu and get his key. I can put it on my "keyring" -- a list of keys that I've signed with my private key. That means you can unlock it with my public key and know for sure that me -- or someone with my key, anyway -- says that "this key belongs to this guy."

So I hand you my keyring and provided that you trust me to have actually met and verified all the keys on it, you can take it and add it to your keyring. Now, you meet someone else and you hand the whole ring to him. Bigger and bigger the ring grows, and provided that you trust the next guy in the chain, and he trusts the next guy in his chain and so on, you're pretty secure.

Which brings me to keysigning parties. These are exactly what they sound like: a party where everyone gets together and signs everyone else's keys. Darryl and I, when we traded keys, that was kind of a mini-keysigning party, one with only two sad and geeky attendees. But with more people, you create the seed of the web of trust, and the web can expand from there. As everyone on your keyring goes out into the world and meets more people, they can add more and more names to the ring. You don't have to meet the new people, just trust that the signed key you get from the people in your web is valid.

So that's why web of trust and parties go together like peanut butter and chocolate.

"Just tell them it's a super-private party, invitational only," I said. "Tell them not to bring anyone along or they won't be admitted."

Jolu looked at me over his coffee. "You're joking, right? You tell people that, and they'll bring extra friends."

"Argh," I said. I spent a night a week at Jolu's these days, keeping the code up to date on indienet. Pigspleen actually paid me a non-zero sum of money to do this, which was really weird. I never thought I'd be paid to write code.

"So what do we do? We only want people we really trust there, and we don't want to mention why until we've got everyone's keys and can send them messages in secret."

Jolu debugged and I watched over his shoulder. This used to be called "extreme programming," which was a little embarrassing. Now we just call it "programming." Two people are much better at spotting bugs than one. As the cliche goes, "With enough eyeballs, all bugs are shallow."