From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christine Caulfield
Date: Mon, 26 Jan 2015 14:26:37 +0000
Subject: [Cluster-devel] HA Summit Key-signing Party
In-Reply-To: <20150126141438.GE21558@redhat.com>
References: <540D853F.3090109@redhat.com> <54B4ADAA.5080803@alteeve.ca> <20150126141438.GE21558@redhat.com>
Message-ID: <54C64E9D.8030204@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On 26/01/15 14:14, Jan Pokorný wrote:
> Hello cluster masters,
>
> On 13/01/15 00:31 -0500, Digimer wrote:
>> Any concerns/comments/suggestions, please speak up ASAP!
>
> I'd like to throw a key-signing party as it will be a perfect
> opportunity to build a web of trust amongst us.
>

Good idea, and it's given me the impetus to create a new key, because my
old one expired in 2007!! (as well as being only 1024 bits)

Chrissie

> If you haven't incorporated OpenPGP to your communication with the
> world yet, I would recommend at least considering it, even more in
> the post-Snowden era. You can use it to prove authenticity/integrity
> of the data you emit (signing; not just for email as is the case
> with this one, but also for SW releases and more), provide
> privacy/confidentiality of interchanged data (encryption; again,
> typical scenario is a private email, e.g., when you responsibly
> report a vulnerability to the respective maintainers), or both.
>
> In case you have no experience with this technology, there are
> plentiful resources on GnuPG (most renowned FOSS implementation):
> - https://www.gnupg.org/documentation/howtos.en.html
> - http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
>   (preparation steps for a key-signing party)
> - ...
>
> To make the verification process as smooth and as little
> time-consuming as possible, I would stick with a list-based method:
> http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
> and volunteer for a role of a coordinator.
>
>
> What's needed?
> Once you have a key pair (and provided that you are using GnuPG), please
> run the following sequence:
>
>     # figure out the key ID for the identity to be verified;
>     # IDENTITY is either your associated email address/your name
>     # if only single key ID matches, specific key otherwise
>     # (you can use "gpg -K" to select a desired ID at the "sec" line)
>     KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
>
>     # export the public key to a file that is suitable for exchange
>     gpg --export -a -- $KEY > $KEY
>
>     # verify that you have an expected data to share
>     gpg --with-fingerprint -- $KEY
>
> with IDENTITY adjusted as per the instruction above, and send me the
> resulting $KEY file, preferably in a signed (or even encrypted[*]) email
> from an address associated with that very public key of yours.
>
> [*] You can find my public key at public keyservers:
> http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
> Indeed, the trust in this key should be ephemeral/one-off
> (e.g., using a temporary keyring, not a universal one before we proceed
> with the signing :)
>
>
> Timeline?
> Best if you send me your public keys before 2015-02-02. I will then
> compile a list of the attendees together with their keys and publish
> it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
> so you can print it out and be ready for the party.
>
> Thanks for your cooperation, looking forward to this side-event and
> hope this will be beneficial to all involved.
>
>
> P.S. There's now an opportunity to visit an exhibition of the Bohemian
> Crown Jewels replicas directly in Brno (sorry, Google Translate only)
> https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55
>
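
Added example, not part of the original thread or of GnuPG itself: a shell function that reads the colon-delimited listing the quoted procedure relies on (--with-colons) and flags primary keys that are expired, revoked, or shorter than 2048 bits, which is the situation described in the reply above. The function names, the 2048-bit threshold and the sample listing are assumptions made for this example; timestamps are assumed to be epoch seconds (--fixed-list-mode, or GnuPG 2.1 and later).

```shell
#!/bin/sh
# Audit a `gpg --list-keys --with-colons --fixed-list-mode` listing before a
# key-signing party. MIN_BITS and all names here are choices for this example.
MIN_BITS=2048

# audit_keys NOW < colon-listing
# Prints "<keyid> <verdict>" per primary key; verdict is "ok" or a
# comma-separated list of problems.
audit_keys() {
    awk -F: -v now="$1" -v min="$MIN_BITS" '
    $1 == "pub" {
        validity = $2; bits = $3 + 0; algo = $4 + 0; keyid = $5; expires = $7
        problems = ""
        if (validity == "r") problems = problems ",revoked"
        # Trust the validity flag, but also compare the expiry timestamp
        # so the check works on listings produced some time ago.
        if (validity == "e" || (expires != "" && expires + 0 <= now + 0))
            problems = problems ",expired"
        # Bit length is only comparable for RSA (1), Elgamal (16), DSA (17);
        # ECC keys report curve sizes and are not judged by this threshold.
        if ((algo == 1 || algo == 16 || algo == 17) && bits < min)
            problems = problems ",weak-" bits "-bit"
        print keyid, (problems == "" ? "ok" : substr(problems, 2))
    }'
}

# Constructed sample listing (made-up key IDs, names and timestamps).
sample_listing() {
    cat <<'EOF'
tru::1:1422282397:0:3:1:5
pub:e:1024:17:AAAAAAAAAAAAAAAA:1104537600:1167609600::-:::sc::::::
uid:e::::1104537600::0000000000000000000000000000000000000000::Old Key <old@example.org>:
sub:e:1024:16:BBBBBBBBBBBBBBBB:1104537600:1167609600:::::e::::::
pub:u:4096:1:CCCCCCCCCCCCCCCC:1422230400:1485302400::u:::scESC::::::
uid:u::::1422230400::1111111111111111111111111111111111111111::New Key <new@example.org>:
pub:-:256:22:DDDDDDDDDDDDDDDD:1422230400:::-:::scESC::::::
EOF
}

# Use the timestamp of the message above (2015-01-26 14:26:37 UTC) as "now".
sample_listing | audit_keys 1422282397
```

On a real keyring the input would come from `gpg --list-keys --with-colons --fixed-list-mode | audit_keys "$(date +%s)"`.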