[TriLUG] GPG Key signing party
Ed Warnicke
hagbard at physics.rutgers.edu
Sun Jan 6 18:06:22 EST 2002
I think that having a general n-way signing event would be more
valuable. Perhaps it would be a better idea to do a meeting on
GPG and signing/encryption, providing enough info for all present
to be able to go home and generate their keys ( if they haven't yet )
and then do a normal n-way key signing party next time around, in the
decentrallized format suggested by the Key Signing Party Howto at
http://www.cryptnet.net/fdp/crypto/gpg-party.html#toc2 .
This way
1) Everybody has the opportunity to have a key to be signed,
and get's some instruction in it prior to the signing.
2) We get a much stronger web of trust.
3) Everybody has to interact with everybody else, at least
a little bit, and I think that's probably a good thing.
Naturally it would still be a good idea for Tanner to assemble keys of
those interested in participating.
I don't completely object to the process suggested below, but
Step 5 of the below suggested proceedure leads to a web of trust
that artificially looks much stronger than it really is, and that I
object to strongly.
Ed
On Sun, 2002-01-06 at 16:46, Tanner Lovelace wrote:
> On Sun, 2002-01-06 at 16:35, Kevin - The Alchemist - Sonney wrote:
> > I'm hip to most of that, with one exception - we could streamline the
> > process this way :
> >
> > 1) verify one person's public key as good, check their ID, etc, etc
> > 2) designate this person as official "signer" for the night
> > 3) each person verifies their key with the official signer
> > 4) the official signer signs that key and uploads it to a public
> > keyserver
> > 5) everyone else downloads the key(s) at their leisure, verifies that
> > the official signer's signature is good, signs the key, and re-uploads
> > it to the public keyserver.
> >
> > This would also save time at our next meeting (admittedly, it is "State
> > of the LUG" and a Meet & Greet") and not subject non-crypto minded
> > people to long strings of seemingly random babble *grin*
>
> That could work as well. Since I volunteered before, I'll go
> ahead and volunteer for it again (btw, the meeting is this
> Thursday, the 10th, right?).
>
> So, if you would like to be a part of this, please send
> me your public key by, let's say, Thursday at noon. I'll
> compile them all, and bring a list of all their fingerprints, etc...
> Then people can bring their key details and ID to the meeting, etc...
>
> Tanner
> --
> Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
> GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> Those who are willing to sacrifice essential liberties for a little
> order, will lose both and deserve neither. -- Benjamin Franklin
>
> History teaches that grave threats to liberty often come in times
> of urgency, when constitutional rights seem too extravagant to
> endure. -- Justice Thurgood Marshall, 1989
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020106/0b99025a/attachment.pgp>
More information about the TriLUG
mailing list