[ale] ANNC: NOVEMBER ALE EVENTS - Install Fest, GPG Talk & Key Party
arxion
arxaaron at gmail.com
Fri Nov 6 13:50:17 EST 2009
Cool ALE events happening November 19th & 21st...
=========
THURSDAY, NOVEMBER 19th:
ALE CENTRAL MEEING & KEY SIGNING PARTY
7:30 pm, Emory Law School, Gambrel Hall 1C
(Key signing to start promptly at 8:00pm)
A GPG PGP Overview and Key Signing Party
with Michael Warfield
Synopsis:
-- A very concise overview talk on GPG and PGP
public key encryption followed by a key
signing party.
For Participation in the Key Signing:
-- Key generation and posting in advance of the
event is STRONGLY urged for those wishing to
participate in the key ring.* Two forms of
photo ID will be required for those with keys
to sign. Generic details and info about GPG
keys, generating keys and the key signing party
process is available at:
<http://cryptnet.net/fdp/crypto/keysigning_party/en/
keysigning_party.html>
!*! Please see Michael's email forward below
for full and specific details. Of special note
are recommendations for generating RSA/RSA key
pairs using the most current GnuPG2 software.
=========
=========
SATURDAY, NOVEMBER 21, 9am to 5pm:
ALE / Ubuntu Linux Install Fest
featuring Ubuntu release 9.10
Hosted by ITT Technical College
SW Atlanta Campus at:
Two Crown Center
1745 Phoenix Boulevard
Suite 100
Atlanta, GA 30349
( Note to please use the North end
building entrance. )
Synopsis:
-- A chance to see the facilities of (and meet some
Linux students from) our ALE partners at ITT Technical
College while installing the latest Linux releases or
getting face time help with your Open Source Technical
challenges. Plenty of Ubuntu disks will be on hand,
plus swag and raffle gifts. As always, plenty of good
Open Socializing and dutch treat pizza lunch will be
on hand.
========
Begin forwarded message:
> From: "Michael H. Warfield" <mhw at WittsEnd.com>
> Date: 2009, October, 27, 9:14:06 PM EDT
> To: ale at ale.org
> Cc: mhw at WittsEnd.com
> Subject: [ale] PGP/GPG Keysigning party! ALE Central November 19th.
> Reply-To: mhw at WittsEnd.com, Atlanta Linux Enthusiasts - Yes! We run
> Linux! <ale at ale.org>
>
> Hello all!
>
> Aaron approached me a couple of days about about running a PGP/GPG key
> signing party for the November ALE meeting. Looking back, it looks
> like
> the last one was 6-1/2 years ago! Wow, time flies... Ok... So be
> it.
>
> I will do a VERY BRIEF intro to public key cryptography before the
> meeting but a successful key signing party depends on preparation in
> advance on the part of the participants! Even well organized
> keysigning
> parties can degenerate into chaos very easily. Do not come to the
> meeting looking to learn how to create a new key. You should have
> your
> keys ready in advance. If not, still come, but understand that you'll
> learn some thing about PGP but you probably won't walk away with
> keys or
> signatures.
>
> To make this go smoothly, I will collect keys in advance of the
> meeting
> and print out sheets with key fingerprints. That saves an incredible
> amount of time and effort during the actual meeting and gives me an
> idea
> of how may keys to expect and copies to make. It also permits me to
> have a collected keyring I can make available to everyone after the
> meeting. Please expect to provide at least one photo id which will be
> projected on a screen for everyone to see (sensitive numbers will be
> blacked out with tape). Drivers license or passport are preferred.
>
> With recent developments in cryptography, some doubt is being cast on
> the DSS/DSA keys. Debian folks are strongly recommending a return to
> RSA keys and have some "procedures" in place for this.
>
> http://www.debian-administration.org/users/dkg/weblog/48
>
> If you are thinking it's time to dump off the old DSS/DSA keys and
> migrate back to an RSA 2048 bit key, now is the time as well. My
> older
> RSA 1024 bit key is still active and I have a DSS/DSA key as well but
> these are both being relegated to "legacy" and I now have a 2048/R key
> (0x674627FF). I'm not invalidating my old keys but I will only now be
> using them for key signing (my 0xDF1DD471 key is in the web of trust
> book and still in the PGP strong set).
>
> If you're not running the latest GnuPG, which should now be defaulting
> to RSA/RSA keys, it can get a little bit tricky to create a new style
> RSA key. With older (default DSS/DSA) versions of GunPG, you should
> create a new key but don't accept the default DSA and select "RSA
> (sign
> only)" key instead. Once the key is created, edit that key and add an
> RSA encryption key to it.
>
> Better yet, update your GnuPG and the default will create the new key
> like you want (RSA and RSA - sign and encrypt). If you don't have a
> current key and you don't know what any of this is about, that's fine.
> Just create a new RSA key for yourself (if it says RSA and RSA - TAKE
> THAT OPTION). If you don't see that option available, ask for help or
> update your system first.
>
> What I need from YOU! Well in advance of the meeting, please send
> your
> PGP public keys to alekeyparty at wittsend.com. If you do not have a PGP
> key and are just looking to get started, the time to start is right
> now!
> The time is NOT at a key signing party. This list has some very
> bright
> folks on it who can help you out if you are having difficulties. I
> will
> try to answer questions as best I can, but ask them now.
>
> Last time, we had a few people who did not submit their keys in
> advance.
> That's fine as long as it's not excessive or we will be there all
> night.
> At the very least, if you don't submit your keys in advance, your keys
> must be on the public keyservers and you should come with printouts of
> your key fingerprint. I have business cards on which I have my key
> fingerprints printed. Some people use little strips of paper. All of
> that is fine but it should be on "dead trees edition" and enough
> copies
> so you can pass them out and people can make notes on them.
>
> Procedure at the meeting... People who submitted their keys go first.
> We will pass out the preprinted sheets and then call people up to
> project their id's. The audience can then take notes on the sheets
> that
> they have confirmed their identification (anyone not showing up
> obviously is not confirmed AND SHOULD NOT BE SIGNED). After that,
> anyone with keysigning cards or other information to pass out can go
> from there. Anyone not prepared, we'll do what we can but you pays
> your
> nickel and you takes your chance.
>
> Procedure after the meeting... I'll update MY keyring with any last
> minute additions, clean out the "no shows", and then make an
> announcement to the list. You can then download that keyring and sign
> those keys which you feel comfortable that you confirmed their
> identity.
> You can then submit them to a public key server or send them back
> to the
> same E-Mail address above and I'll submit them in bulk.
>
> Any questions, please feel free to ping me but please do it early.
> We've only got about 3 weeks before this thing.
>
> Side note. I'm looking into also including a CA-Cert web of trust
> verification. That's for X.509 certificates from CA-Cert
> <http://www.cacert.org>. If you are interested, go up to their
> site and
> see what the deal is there. Being preregistered with them helps. You
> can get free X.509 S/Mime certificates and register OpenID with them,
> them. That all depends on me getting some additional CA-Cert
> "assurers"
> involved (there are several in the area). We did this at USENIX
> Lisa a
> couple of years back and it works in real well with a keysigning
> party.
> I'll post more details once I know more, if I can pull that off.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://
> www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the
> best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure
> of it!
> _______________________________________________
More information about the Ale
mailing list