Chris does bring up one point, if you want to do this another time with others both parties need to exchange:
1) Name on key 2) Public Key number 3) Public Key Fingerprint 4) Possibly key-server if a special one is used ( Cuban, Syrian, North Korean or Debian ) ( Never expose and always protect your private key! Also keep your revocation certificate in a safe place! ) PLEASE PLEASE Read Creating the perfect key pair => https://alexcabal.com/creating-the-perfect-gpg-keypair/ Best practices guide => https://we.riseup.net/riseuplabs+paow/openpgp-best-practices The "party" in effect is to launch you with a few signatures, once you have some, please by all means get others to sign your key and sign others. I would not remote sign keys, best practice is to always do it in person, for the reasons we are discussing here. Joe On Sun, Mar 2, 2014 at 8:25 PM, Chris Knadle <[email protected]>wrote: > On Sunday, March 02, 2014 17:48:38 Joseph Apuzzo wrote: > > Well within reason, if your showing me a just expired picture ID from a > > valid licensing authority ( ex. a government or a state ) I agree. > > If your showing me a 1967 NYS drivers license and nothing else then I > would > > have to say no. > > > > I'm just giving examples, in the past at a key signing I was confronted > > with a 1989 drivers license from Georgia, ( pre-picture ID ) not knowing > > the person I refused and they got VERY mad and blamed me. So because of > > past events I'm trying to set expatiation correctly. Speaking of which > for > > every 2 people I sign there keys I only get one of the two to > reciprocate. > > So I'm also hoping that everyone come through since this is a new 4K key > > for me. > > This is an area that is commonly frustrating. Part of it is a lack of > information ahead of time concerning expectations, and part of it is what > is > normally considered "official identification" in one's country of origin. > > For instance I haven't had a need for a US Passport for decades, so I don't > have a current one; instead in the US we use our driver's license as > official > identification, but that's /unusual/ internationally. [Likewise until 9/11 > Canada accepted a US driver's license when visiting.] So, at DebConf10 I > went > to have my GPG key signed by Debian Developers, whereby I ran into a lot of > resistance from many DD's "I'm not signing a key from someone without > seeing > their passport" etc, which was never discussed and thus was unanticipated. > Also, before the key signing there were badges made up whereby the person's > name used for conference registration was compared with the name used on > their > GPG key; if they matched /exactly/ then a QR code was printed on the badge > giving details of their GPG key, and not otherwise. Nowhere was this > stated, > so if you say made the mistake of simply using your first and last name but > not your middle initial in your GPG key name, but it's on your driver's > license, then you wouldn't get a QR code and your badge would look > different > and "less official", inviting additional scrutiny. > > During the key signing itself one person handed me what looked like a > college > ID from an Arabic country. She said it was her official ID from the > country, > but it was so confusing that I couldn't tell what to make of it. I tried > to > talk to her about it, but we were all in a line such that discussions held > up > the line, and she wasn't amenable to discussing it. I thus got first-hand > experience with what other Debian Developers were frustrated with > concerning > US drivers licenses, where each state issues a license that can look quite > different. > > Additionally each person seems to have their own "rules" concerning when > they'll sign someone's key or how, and you don't find out what these > "rules" > are until /after/ the key signing. An example of this was one of the DDs > that > signed my key signed it with an /expiration date/ on the signature. This > got > pointed out and questions asked, and AFAIK the answer was weird and didn't > fully make sense. > > The bottom line is that GPG key signing events are difficult. Without > detailed information on the intended process there are a lot of > assumptions, > and thus the procedure isn't totally clear -- and I've never yet seen a key > signing done the same way twice. > > > > > I'm likely not going to be able to make it to this key signing. Instead > I'm > hoping I can sign individual keys later -- so if anybody recognizes me at a > meeting later and would like to exchange GPG signatures, please find me and > ask. Look for a laptop with a big Debian swirl on the top/back cover -- > AFAIK > I'm the only one in the group that has that. That, and in the winter time > I > wear a black ski jacket with yellow/orange/purple stripes. Likewise there > are > a number of people I'll likely be asking to see if they'd like to exchange > GPG > signatures. > > -- Chris > > -- > Chris Knadle > [email protected] > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > > Upcoming Meetings (6pm - 8pm) Vassar College > Mar 5 - 11th Anniversary Meeting - Home Network Show and Tell > Apr 2 - Nginx: High-Performance HTTP Server, Reverse Proxy, and > IMAP/POP3 Proxy Server > May 7 - Google App Engine > -- Joe /** ** Joseph T Apuzzo ** GPFS SME (Linux, Windows, AIX), Linux LPI-c1 ** http://www.linkedin.com/in/japuzzo/ ** GPG: https://sks-keyservers.net/ use 2190E068 **/
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) Vassar College Mar 5 - 11th Anniversary Meeting - Home Network Show and Tell Apr 2 - Nginx: High-Performance HTTP Server, Reverse Proxy, and IMAP/POP3 Proxy Server May 7 - Google App Engine
