2007-04-17 OpenPGP Key Signing Party

Join the community. Get your key signed. Build the web of trust.

Free Pizza! But if you are feeling generous, the coordinator will accept donations on behalf of the Giftfile Project. (Tax-deductible! Write down your email address and the amount of your donation. An OpenPGP signed receipt will be emailed.)

Hosted by:

Vermont Area Group of Unix Enthusiasts. Advocating the use of free (as in freedom), open source, unix and GNU/Linux systems and software.

The Giftfile Project. Supporting nonproprietary creative works.

GLOSSARY

Summary

Q/A

Q. Should I participate if I did it last year?

A. Yes. I'll start with the list of keys from last year and add newly submitted keys. Even with last year's list, ids were exchanged on two different days, so I don't think we had complete coverage.

Q. Why would I want to participate?

A. It is your opportunity to strengthen the trust network that our community uses to establish identity. It is the "six degrees of separation" effect: the more people who sign your public key (and vice versa), the better the chance of a short chain of trust to any other key.

Q. How do I participate?

A.

  1. If you don't have an OpenPGP key, generate one.

    See the GnuPG (pgp) manuals for details. If you have trouble, ask questions on the Vague mailing list, or the #vague or #gnupg channels on irc at chat.freenode.net.

  2. Check that your key is up-to-date. Add or revoke UIDs, if you use an expiration date, move it to the future, etc.

  3. Make sure the up-to-date version of your public key is available at the designated key server (subkeys.pgp.net). Send it or resend it if necessary (gpg has a send option).

    At this point your key must be available at subkeys.pgp.net!

  4. Email your key ID to "Key Signing Party <ksp@giftfile.org>". Please just send the key id, not the public key. Send it from one of the key's UIDs email addresses. Send it BEFORE the meeting day.

  5. Tell your friends and colleagues about the KSP.

  6. Bring photo IDs, a pen, and a hardcopy of your 160-bit fingerprint to the KSP.

    We will do everything on paper. You don't need your computer. You can bring any IDs you like, a passport and drivers license would be excellent. Each participant sets their own policy. If you bring your Video and Firefly Fan Club membership cards, then nobody is likely to sign your key.

  7. The coordinator will hand out check lists. We will verify everything in an organized fashion.

    After this point everything is up to your personal policy!

  8. At home, using your check list and notes, decide which UIDS on which keys to sign and do so. Remember, you decide which keys and which UIDs to sign.

  9. Distribute your signatures. You decide the method. Please remember to do this step!

  10. As you receive signatures from other participants, you should add them to your key, and upload them to the keyserver. Also refresh your keyring to grab sigs that were sent directly to the keyserver.

Q. What are the semantics when I sign someone's key?

A. You certify, for example, that the person "Anthony Carrico" corresponds to the key with fingerprint "B4A0 ... 7ED0 6B5C" and UID "Anthony Carrico <acarrico@memebeam.org>". It doesn't mean anything else. It doesn't mean that you trust Anthony Carrico to drive your car.

Q. Where can I find more KSP details?

A. Search the web for "GnuPG Keysigning Party HOWTO" or "Len Sassaman and Phil Zimmermann" or "ksp-lt2k5".

Thank you very much!

Checks to Electronic Gift Economies, Inc..

Electronic Gift Economies, Inc. is a 501(c)(3) charitable organization. Your donation is tax-deductible in the United States.