So I've been working on getting my PGP key better connected into the web of trust. I've been to a couple of key signing parties and got my key signed by CACert and the PGP Global Directory all of which has made my key fairly well connected.
However this only underscores the fundamental problem with OpenPGP: relatively few people use it and only a fraction of them are connected into the strong set. This is in part a bootstrapping problem. With the web of trust connecting so few people it is hard to find someone to sign your key and key signing parties are a fair amount of work to organize.
So my idea to help OpenPGP users connect: a mobile phone app that tells you when you are close to a fellow user with whom you have not exchanged signatures.
Features
- Authentication either with the key or (for those who don't want to keep their key on their phone) by a signed token.
- User determines required proximity before detection occurs
- Variable levels of visibility: Invisible,Headcount only,Contact details,Location
- Ability to ignore certain users.
- Encrypted IM if you have your key.