Hi all,
[Short notice on this one, since plans have been put together in a
hurry, sorry]
We're planning to have a GnuPG/PGP key signing event tomorrow. The goal
is to have our keys verified and signed by each other in person,
bringing more people and more keys into the distributed Web of Trust.
For an overview, check out the Keysigning Party HOWTO [1] that will help
you understand the concept and process.
To do before the event
------------------------------
1. Make sure you have a valid, secure GnuPG/PGP key. Generating this is
out of scope of this document, but there are some tips in the HOWTO and
elsewhere on the net.
2. Ensure your key is available on a public keyserver. For this event,
we will use the keyserver at pgp.mit.edu
3. I have created a web-based keyring for the event at biglumber.com
[2]. Please add your key to the keyring before the event begins. Signing
up to the site is optional, you should be able to add a key either way.
NOTE: Please don't leave this until too late. If possible, I will print
out copies of this keyring before I leave for the venue, and if yours is
not on it then others will have to write down your id/fingerprint by
hand. Alternatively, you could bring your own key slips (containing your
key ID and fingerprint) to hand out to everyone.
What you need to bring
------------------------------
1.A form of physical ID. It is strongly recommended that this is some
sort of police-verified, government-issued ID, such as a driving
licence, passport or Aadhar card. The Web of Trust is only as strong as
the verification done by each person, so it's important to do it right.
2. A pen and paper. You'll write down the verification notes as you
verify each key. If I am able to bring printouts you won't need the
paper but best bring some anyway.
3. A personal reference hardcopy of your Key ID and fingerprint. Either
hand-written or printed is fine, this is just so you can identify your
own key to yourself.
During the Event
----------------------
1. We'll put the keyring up on screen. This is a good time to check that
your ID/fingerprint on screen is the same as the one you brought with you.
2. Each person will stand up in turn and identify themselves: Name,
email address (same as used in the key), Key ID and Key Fingerprint. At
this point the verification ID should be handed to all other
participants to match the speaker with the ID.
After the Event
--------------------
By the end of the event, you should have a printed or hand-written list
of all keys/fingerprints that you've personally verified. You can then
go home and digitally sign the keys at your leisure. Remember to upload
the signatures to the keyserver.
For more info, please study the references below; the HOWTO is better
for concepts, but the Ubuntu party page is a good cheatsheet. We will
try to help as many people as possible at the event as well, but
preparing and understanding the process beforehand is much preferred -
we won't be helping you generate your key during the event, for example.
If I've missed out on anything important, please let me know ASAP.
Links
-------
[1]: HOWTO:
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
A quick summary from Ubuntu: https://wiki.ubuntu.com/KeySigningParty
[2]: Keyring: http://biglumber.com/x/web?keyring=6943
Thanks and hope to see you there tomorrow,
-Sirtaj Singh Kang.
_______________________________________________
Ilugd mailing list
[email protected]
https://lists.hserus.net/mailman/listinfo/ilugd
