kernel.org keysigning party for the Boston area: October 18, 2011

kernel.org keysigning party for the Boston area: October 18, 2011

[Theodore Ts'o]

I will be holding a key signing party in Cambridge on Tuesday, October
18, from 4-5pm for folks in the Boston greater metropolitan area.

Anyone who is interested should send me their key-id by Tuesday noon
US/Eastern, and I will give those folks the details about where we will
be holding the key signing party.   Please put "BOSTON KEY SIGNING" in
the subject line.

Please feel free to forward this to any fellow kernel devs who might not
be reading LKML.

    	    	  	   	   	   - Ted


What's a key-signing party?

A key-signing party is a get-together with PGP users for the purpose of
meeting other PGP users and signing each other's keys. This helps to
extend the "web of trust" to a great degree. Also, it sometimes serves
as a forum to discuss strong cryptography and related issues.

What do I need for this party?

Required Items
Physical attendance
Positive picture ID
Your Key ID, Key type, HEX fingerprint, and Key size
A pen/pencil or whatever you'd like to write with....
NO computer

Required Process

1.  All attendees send their public keys to a public keyserver. For this
party, we'll use keyserver.cryptnet.net. If for some reason you don't
want your key to be in a public keyserver, but still want to
participate, please let me know.

2.  All attendees send their key ID, key type, fingerprint, and key size to
the host, tytso@mit.edu, who will compile everyone's key information.

3.  The host prints a list with everyone's key ID, key type,
fingerprint, and key size from the compiled keyrings and distributes
copies of the printout at the meeting.

4.  Attend the party. Bring along a paper copy of your key ID, key type,
fingerprint, and key size that you obtained from your own keyring. You
must also bring along a suitable photo ID. Instruct the attendees at the
beginning that they are to make two marks on the listing, one for
correct key information (key ID, key type, fingerprint, and key size)
and one if the ID check is ok.

5. At the meeting each key owner reads his key ID, key type,
fingerprint, key size, and user ID from his own printout, not from the
distributed listing. This is because there could be an error, intended
or not, on the listing. This is also the time to tell which ID's to sign
or not. If the key information matches your printout then place a
check-mark by the key.

6. After everyone has read his key ID information, have all attendees
form a line.

7. The first person walks down the line having every person check his
ID.   The second person follows immediately behind the first person and
so on.

8.  If you are satisfied that the person is who they say they are, and
that the key on the printout is theirs, you place another check-mark
next to their key on your printout.

9.  Once the first person cycles back around to the front of the line he
has checked all the other IDs and his ID has been checked by all others.

10. After confirming that the key information on the key server matches
the printout that you have checked, sign the appropriate keys. Keys
should only be signed if they have two check-marks.  If you are using
Debian or Ubuntu, the "caff" (certifying authority fire and forget)
script can be found in the "signing-party" package along with other
useful scripts, which makes it much easier to sign the keys.  For
Fedora, the "caff" script can be found in the "pgp-tools" package.

11.  Send the signed keys back to the keyservers, or to owners of the
key.

Other questions about signing keys?

You may want to read the Keysigning Party Howto which includes an
explanation of the concepts behind keysigning, instructions for hosting
a keysigning party, instructions for participating in a keysinging
party, and step by step instructions for signing other's keys.

Re: kernel.org keysigning party for the Boston area: October 18, 2011

[Ted Ts'o]

On Thu, Oct 13, 2011 at 11:31:54AM -0400, Theodore Ts'o wrote:
> 1.  All attendees send their public keys to a public keyserver. For this
> party, we'll use keyserver.cryptnet.net. If for some reason you don't
                   ^^^^^^^^^^^^^^^^^^^^^^

Sorry, this keyserver no longer exists.  Please use pks.gpg.cz instead.

Actually, you don't need to specify a keyserver as long as you do at
least a day or so in advance, since all of the key servers talk to one
another.  The reason for specifying a specific key servers is for the
lamers who don't bother submitting their key until just before the
deadline, and the key hasn't had a chance to replicate to all of the
other servers yet.

						- Ted

Re: kernel.org keysigning party for the Boston area: October 18, 2011

[Ted Ts'o]

On Thu, Oct 13, 2011 at 11:31:54AM -0400, Theodore Ts'o wrote:
> 
> I will be holding a key signing party in Cambridge on Tuesday, October
> 18, from 4-5pm for folks in the Boston greater metropolitan area.
> 
> Anyone who is interested should send me their key-id by Tuesday noon
> US/Eastern, and I will give those folks the details about where we will
> be holding the key signing party.   Please put "BOSTON KEY SIGNING" in
> the subject line.
> 
> Please feel free to forward this to any fellow kernel devs who might not
> be reading LKML.
> 

Reminder, please send me your key-id today, or Tuesday at the latest,
if you would like to participate in the Boston area Key Signing.

>     	    	  	   	   	   - Ted

> 
> 
> What's a key-signing party?
> 
> A key-signing party is a get-together with PGP users for the purpose of
> meeting other PGP users and signing each other's keys. This helps to
> extend the "web of trust" to a great degree. Also, it sometimes serves
> as a forum to discuss strong cryptography and related issues.
> 
> What do I need for this party?
> 
> Required Items
> Physical attendance
> Positive picture ID
> Your Key ID, Key type, HEX fingerprint, and Key size
> A pen/pencil or whatever you'd like to write with....
> NO computer
> 
> Required Process
> 
> 1.  All attendees send their public keys to a public keyserver. For this
> party, we'll use keyserver.cryptnet.net. If for some reason you don't
> want your key to be in a public keyserver, but still want to
> participate, please let me know.
> 
> 2.  All attendees send their key ID, key type, fingerprint, and key size to
> the host, tytso@mit.edu, who will compile everyone's key information.
> 
> 3.  The host prints a list with everyone's key ID, key type,
> fingerprint, and key size from the compiled keyrings and distributes
> copies of the printout at the meeting.
> 
> 4.  Attend the party. Bring along a paper copy of your key ID, key type,
> fingerprint, and key size that you obtained from your own keyring. You
> must also bring along a suitable photo ID. Instruct the attendees at the
> beginning that they are to make two marks on the listing, one for
> correct key information (key ID, key type, fingerprint, and key size)
> and one if the ID check is ok.
> 
> 5. At the meeting each key owner reads his key ID, key type,
> fingerprint, key size, and user ID from his own printout, not from the
> distributed listing. This is because there could be an error, intended
> or not, on the listing. This is also the time to tell which ID's to sign
> or not. If the key information matches your printout then place a
> check-mark by the key.
> 
> 6. After everyone has read his key ID information, have all attendees
> form a line.
> 
> 7. The first person walks down the line having every person check his
> ID.   The second person follows immediately behind the first person and
> so on.
> 
> 8.  If you are satisfied that the person is who they say they are, and
> that the key on the printout is theirs, you place another check-mark
> next to their key on your printout.
> 
> 9.  Once the first person cycles back around to the front of the line he
> has checked all the other IDs and his ID has been checked by all others.
> 
> 10. After confirming that the key information on the key server matches
> the printout that you have checked, sign the appropriate keys. Keys
> should only be signed if they have two check-marks.  If you are using
> Debian or Ubuntu, the "caff" (certifying authority fire and forget)
> script can be found in the "signing-party" package along with other
> useful scripts, which makes it much easier to sign the keys.  For
> Fedora, the "caff" script can be found in the "pgp-tools" package.
> 
> 11.  Send the signed keys back to the keyservers, or to owners of the
> key.
> 
> Other questions about signing keys?
> 
> You may want to read the Keysigning Party Howto which includes an
> explanation of the concepts behind keysigning, instructions for hosting
> a keysigning party, instructions for participating in a keysinging
> party, and step by step instructions for signing other's keys.
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/