PGP signing party
Shachar Shemesh
wine-devel at shemesh.biz
Tue Apr 5 01:00:43 CDT 2005
I'm replying to my own email, as people are responding and it seems that
some clarification is going to be required.
Shachar Shemesh wrote:
> 1. Have a PGP key. You can generate one for yourself using gpg.
Make sure to keep it somewhere safe afterwards, and not forget the
password for it.
> 2. Send the PGP key finger print to me AT LEAST A WEEK BEFORE THE
> CONFERENCE. Any later then that, and it is not certain that we'll
> manage to get your key on the printed piece of paper that is necessary
> for carrying out the party.
My mistake. I'm going to need both the finger print AND the actual key.
Also, if you DON'T want the key published to a key server (I use
http://pgp.mit.edu), please let me know well in advance. Obviously, your
key will be published to all the people present at the key party. If
your name's not there on your email headers, include it in the body. The
name must be the same as appears on your formal IDs.
The purpose of a pgp signing party is to establish a link between your
virtual identity (your key) and your real one (as verified by an ID).
For that reason it is impossible to participate by proxy, or under an alias.
> 3. Bring a copy you can trust to wineconf, to make sure other people
> are really signing your key (i.e. - that I'm not pulling anybody's leg).
What you need is to do one of two things. A week before the party I'm
going to send to everyone who is participating in the pgp signing party
a text file which has everyone's names and fingerprint on it. You will
need to go over this page and make sure that your own name is spelled
correctly. Also make sure that the fingerprint on the page is the same
as the one you sent me.
> The full details of what a key signing party is, why are the
> procedures as they are, and what's so important about *not* signing
> the keys with your laptop at the party can be found at
> http://www.cryptnet.net/fdp/crypto/gpg-party.html
Already this is turning out to be a better success than last year. Make
sure to join the web of trust and get your key recognized.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
More information about the wineconf
mailing list