[Cluster-devel] HA Summit Key-signing Party

[Christine Caulfield <ccaulfie@redhat.com>]

On 26/01/15 14:14, Jan Pokorn? wrote:
> Hello cluster masters,
>
> On 13/01/15 00:31 -0500, Digimer wrote:
>> Any concerns/comments/suggestions, please speak up ASAP!
>
> I'd like to throw a key-signing party as it will be a perfect
> opportunity to build a web of trust amongst us.
>

Good idea. and it's given me the impetus to create a new key, because my 
old one expired in 2007!! (as well as being only 1024 bits)

Chrissie

> If you haven't incorporated OpenPGP to your communication with the
> world yet, I would recommend at least considering it, even more in
> the post-Snowden era.  You can use it to prove authenticity/integrity
> of the data you emit (signing; not just for email as is the case
> with this one, but also for SW releases and more), provide
> privacy/confidentiality of interchanged data (encryption; again,
> typical scenario is a private email, e.g., when you responsibly
> report a vulnerability to the respective maintainers), or both.
>
> In case you have no experience with this technology, there are
> plentiful resources on GnuPG (most renowned FOSS implementation):
> - https://www.gnupg.org/documentation/howtos.en.html
> - http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
>    (preparation steps for a key-signing party)
> - ...
>
> To make the verification process as smooth and as little
> time-consuming as possible, I would stick with a list-based method:
> http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
> and volunteer for a role of a coordinator.
>
>
> What's needed?
> Once you have a key pair (and provided that you are using GnuPG), please
> run the following sequence:
>
>      # figure out the key ID for the identity to be verified;
>      # IDENTITY is either your associated email address/your name
>      # if only single key ID matches, specific key otherwise
>      # (you can use "gpg -K" to select a desired ID at the "sec" line)
>      KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
>
>      # export the public key to a file that is suitable for exchange
>      gpg --export -a -- $KEY > $KEY
>
>      # verify that you have an expected data to share
>      gpg --with-fingerprint -- $KEY
>
> with IDENTITY adjusted as per the instruction above, and send me the
> resulting $KEY file, preferably in a signed (or even encrypted[*]) email
> from an address associated with that very public key of yours.
>
> [*] You can find my public key at public keyservers:
> http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
> Indeed, the trust in this key should be ephemeral/one-off
> (e.g., using a temporary keyring, not a universal one before we proceed
> with the signing :)
>
>
> Timeline?
> Best if you send me your public keys before 2015-02-02.  I will then
> compile a list of the attendees together with their keys and publish
> it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
> so you can print it out and be ready for the party.
>
> Thanks for your cooperation, looking forward to this side-event and
> hope this will be beneficial to all involved.
>
>
> P.S. There's now an opportunity to visit an exhibition of the Bohemian
> Crown Jewels replicas directly in Brno (sorry, Google Translate only)
> https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55
>