PGP signing party

Shachar Shemesh wine-devel at shemesh.biz
Tue Apr 5 01:00:43 CDT 2005


I'm replying to my own email, as people are responding and it seems that 
some clarification is going to be required.

Shachar Shemesh wrote:

> 1. Have a PGP key. You can generate one for yourself using gpg.

Make sure to keep it somewhere safe afterwards, and not forget the 
password for it.

> 2. Send the PGP key finger print to me AT LEAST A WEEK BEFORE THE 
> CONFERENCE. Any later then that, and it is not certain that we'll 
> manage to get your key on the printed piece of paper that is necessary 
> for carrying out the party.

My mistake. I'm going to need both the finger print AND the actual key. 
Also, if you DON'T want the key published to a key server (I use 
http://pgp.mit.edu), please let me know well in advance. Obviously, your 
key will be published to all the people present at the key party. If 
your name's not there on your email headers, include it in the body. The 
name must be the same as appears on your formal IDs.

The purpose of a pgp signing party is to establish a link between your 
virtual identity (your key) and your real one (as verified by an ID). 
For that reason it is impossible to participate by proxy, or under an alias.

> 3. Bring a copy you can trust to wineconf, to make sure other people 
> are really signing your key (i.e. - that I'm not pulling anybody's leg).

What you need is to do one of two things. A week before the party I'm 
going to send to everyone who is participating in the pgp signing party 
a text file which has everyone's names and fingerprint on it. You will 
need to go over this page and make sure that your own name is spelled 
correctly. Also make sure that the fingerprint on the page is the same 
as the one you sent me.

> The full details of what a key signing party is, why are the 
> procedures as they are, and what's so important about *not* signing 
> the keys with your laptop at the party can be found at 
> http://www.cryptnet.net/fdp/crypto/gpg-party.html

Already this is turning out to be a better success than last year. Make 
sure to join the web of trust and get your key recognized.

          Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html




More information about the wineconf mailing list