[ale] PGP / GPG Keysigning party... Upload your key now!

Michael H. Warfield mhw at WittsEnd.com
Fri Nov 18 01:23:43 EST 2011 

Everyone!

As discussed at tonight's ALE Central Meeting and at the after meeting
meeting, we are working on a PGP keysigning party for December.

Pursuant to that, I have set up a listing at BigLumber,
<http://biglumber.com>, a site dedicated to promoting PGP keysigning
parties.  Please feel free to register up there if you wish to host /
coordinate parties or if you wish to do individual key signings.
Registration is NOT required to merely participate in a keysigning party
- registration is only required for organizers and listers.  The Forum
of Incident Response Securty Teams (FIRST - http://www.first.org) has
used this site for years coordinating our PGP keysigning events.

In anticipation of the keysigning event, you should add your key to our
keyring here:

http://biglumber.com/x/web?keyring=4254

You will see a text listing of our complete keyring with the key ids,
the owner uids and the key fingerprints.

Just paste your public key into the text window or browse to a file of
it and then hit "submit query" (yeah, I know it's kinda weird and
confusing and it confused me the first time too).  Your key will be
added and you will see a complete listing of the current keys on this
keyring (currently just my two) after you go back and hit "refresh".  We
will print out copies of the keyring for the keysigning party and you
can then "check off" people you verify.

When we have gone through the keysigning party itself, you can then
download the entire keyring from BigLumber, import it, and sign those
keys which you have personally verified.  DO NOT sign any keys on the
keyring you have not personally identified and verified at the party!
That's the very principle of the web of trust!  The keyring is public
and visible and anyone can add their key to it and can download the
entire keyring.

After signing keys you've verified, you can send the signed keys to
their owners or update the public keyrings as you wish.  You can also
update the signatures at BigLumber by uploading the signed keys to the
keyring as well.

Please use the final keyring after the party to actually do signatures
as people will be adding keys up to the last moment or you may miss
some.  By the same token, if people show up who have not uploaded their
keys by the time of the keysigning party, it is NOT TOO LATE but do NOT
be tardy after!

Even if you are NOT SURE you will be able to attend, please upload your
keys anyways!  It doesn't hurt.  You won't be breaking any protocol.
You won't be subject to any SPAM.  If you think there is any remote
possibility you might be there and might like to pick up a FEW
signatures, upload your key ASAP so you won't forget!

You will not HAVE TO use BigLumber.  There's always a few who forget
(please DON'T - it makes things go sooooo much faster and easier) or who
just generated new keys.  Even if you have not uploaded your key to
BigLumber, you can still attend the party.  Please bring either business
cards, or PGP cards, or even strips of paper with your key id and
fingerprint printed on it and we will make due.  I WILL have a stack of
my own, just in case.  BUT...  If you can, please use BigLumber and help
us build the keyring as much in advance as you possibly can!

To make this happen in December, we start now.  Let the uploads begin!

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20111118/02daaf3d/attachment.bin

More information about the Ale mailing list