[SGVLUG] Keysigning

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Wed Sep 26 12:35:20 PDT 2007 

I recently received a request to sign someone's PGP/GPG key at the next
meeting (seems they found "me" through biglumber, and I mentioned in the
comments that I attend SGVLUG meetings...)  Since getting signatures is
(generally) deemed a good idea, I'd like to invite (remind) everyone to
consider setting up a key and getting it signed (and sign everyone
else's) at the meeting.

A really rough overview for those that wish to participate:

  1) get a key 
  1a) [optional, but recommended] place your PUBLIC key on a well-known
server
  1b) [required] print your "fingerprint" and bring "several" copies to
the meeting
      [recommended: print onto blank business cards or several times
(double spaced) on a page, then cut the page into strips] -- consider
bringing at least 6 copies
  1c) [alternate] if we get "enough" people interested in doing this at
the next meeting (at least 15 people), we'll do it "list fashion", in
which case you really only need 1 copy of your fingerprint.  Please
forward your ID and/or fingerprint to me by the 8th so I can prepare a
list.

  2) bring yourself and some plausible ID to the meeting

  3a) informally: exchange "fingerprint slips" and check ID's; note
which ones you trust 
  3b) formal list: verify YOUR fingerprint is correct on your own list
AND anyone else's list you exchange with; verify THEIR fingerprint is
the same and correct on both lists; verify their ID (and determine your
"trust" level of that ID)

AFTER the party

   1) get THEIR key [from a keyserver or other means]
   2) review the FINGERPRINT of their key to ensure it matches what you
have on their slip/the list
   3) SIGN their key with YOUR key

   4a) IF the person who's key you just signed does NOT want that
signature to be public, EXPORT the key to a file and return it in a
secure fashion to that person [note: this should be rare...]
   4b) IF you got their key from a server, SEND it back to the server
with your signature now attached.

FULL details of this process can be found at 
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.sgvlug.net/pipermail/sgvlug/attachments/20070926/7b4fce18/attachment.html

More information about the SGVLUG mailing list