Greetings all, This is the first time we are running a key signing event at the upcoming OpenDaylight Forum India. I'm hoping on running this just before lunch on November 17th (last day of the event).
For those that have participated in the last couple you should be well familiar with the process by now. As such we're going to be executing on the strict "Hashed Based Method Party" [0]. Here's what you need to know. You will be _required_ two have forms of identification with you. I will be encouraging people to still request validation. When I have more firm time for when the party will happen I will be letting the lists know. In the mean time, what I need from folks is the following: 0) If you do not currently have a GPG key but wish to participate, make sure you generate a key. I strongly recommend doing an offline master [1], and even better if you've got a GPG smartcard (such as a YubiKey NEO or similar) for your subkeys [2]. 1) If you wish to participate you _must_ comply with the following: a) Your public key _must_ be on the keyserver mesh b) When I pull your public key, it must have both a signing subkey and an encrypting subkey. If you don't have those I will reject your key as virtually worthless without them. c) You _must_ mail the following to [email protected] if you mail me (or the mailing lists directly) I will ignore the message. d) Do not send 32-bit or short keyids which are easily subject to collision attacks. Its recommend to use long or full finger prints. Information to be mailed is your key fingerprint: --[cut]-- gpg2 --keyid-format long --fingerprint <your_email_address|keyID> --[/cut]-- On my Linux system I would do the following for my key with handle 'DBE2 4D9E 8ECC 5B29 5F33 FF61 A468 00C5 D9A8 855E' --[cut]-- $ gpg2 --keyid-format long --fingerprint [email protected] pub rsa4096/ A46800C5D9A8855E 2016-06-28 [SC] Key fingerprint = DBE2 4D9E 8ECC 5B29 5F33 FF61 A468 00C5 D9A8 855E uid [ultimate] Anil Belur <[email protected]> uid [ultimate] Anil Shashikumar Belur <[email protected]> uid [ultimate] Anil Belur <[email protected]> sub rsa2048/0FAA11C1B55BFA62 2016-06-28 [S] [expires: 2018-12-16] sub rsa2048/DC40225E6664848E 2016-06-28 [E] [expires: 2018-12-16] sub rsa2048/9515A6A0C2B6EDC9 2016-06-28 [A] $ echo `gpg2 --keyid-format long --fingerprint A46800C5D9A8855E` | mail -s "Anil's GPG fingerprint" [email protected] --[/cut]-- NOTE: The above may or may not work for you, particularly if you're on a Mac. As we get closer to the event I will be setting a hard date and time limit on when I will accept further submissions. After that I will no longer accept them. You will need to have the following with you to participate: 1) Yourself, you must be physically present for your key to be signed in this party 2) Two positive picture ID. Passports are strongly encouraged. 3) Your key ID, key type, HEX fingerprint, and key size 4) A way to validate the hash of the keyring that will be generated by me for the party participants from the submitted keys (that is, a device capable of executing sha512sum) or a willingness to trust those around you to do it for you. Alternatively, since I will be sending the keyring out electronically before the party to the participants, you may bring a copy of the computed sha512sum of the file and leave your device put away. 5) A willingness to talk with people and show them your identification documents [0] http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#hash_based [1] https://alexcabal.com/creating-the-perfect-gpg-keypair/ [2] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ Regards, Anil Belur
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
