From Fedora Project Wiki

No edit summary
m (Reverted edits by 192.168.1.78 (talk) to last revision by N3pb)
 
(23 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== Followup ==
''This section was added after the keysigning and contains some useful followup information.''
* Keyring and fingerprints:
** [http://nb.fedorapeople.org/keys2.pdf key and fingerprint list (keys2.pdf)]
** [http://nb.fedorapeople.org/keys2.pdf.sha256sum.asc key and fingerprint list sha256sum]
** [http://nb.fedorapeople.org/keys2.asc keyring to import]
** [http://www.flickr.com/photos/n3pb/sets/72157628896297595/with/6708278535/ Photos of the key fingerprints on the board.]
** IDs of keys signed: 110810E9 154FDAF0 57E02D57 D72AD0EF 1999A427 85DACC63 B2420431 62A2258E 0E572FDD 024BB3D1 3A7676E7 210BDF5A 9342BF08 1F85118D 07D2F8B4 89CCAE8B 34E36341 390EBBB9 AA482E46 92F0FC09 E65E4F3D FA6C4994 D1F5C478 DAD3DF0E 8B3D4806 9B649644 5B7CBD2B 94BC377E 1285BE7C 750152F1 CD84EE48 DF044293 188C6D38 2486CFD6 D39BE61C C40F2998 C8391120 EBD267AB 6EF4DA92 B4D3D7B0 835D13A0
* Signing tools
** '''caff''' is part of the '''pgp-tools''' package.
** [http://www.phildev.net/pius/pius pius (PGP Individual UID Signer)]
* The strong set in the PGP web of trust
** [http://en.wikipedia.org/wiki/Web_of_trust#Mean_shortest_distance Explanation at Wikipedia.]
** [http://pgp.cs.uu.nl/plot/ analysis of the strong set in the PGP web of trust]
** [http://www.lysator.liu.se/~jc/wotsap/index.html wotsap (Web of trust statistics and pathfinder)] - take a look at the [http://www.lysator.liu.se/~jc/wotsap/search.html search page] for a bunch of interesting things you can do.  [http://webware.lysator.liu.se/jc/wotsap/wots/latest/groupmatrix/110810E9,0x154FDAF0,0x57E02D57,0xD72AD0EF,0x1999A427,0x85DACC63,B2420431,0x62A2258E,0x0E572FDD,024BB3D1,3A7676E7,0x210BDF5A,0x9342BF08,0x1F85118D,0x07D2F8B4,0x89CCAE8B,0x34E36341,0x390EBBB9,AA482E46,0x92F0FC09,E65E4F3D,0xFA6C4994,D1F5C478,DAD3DF0E,0x8B3D4806,9B649644,5B7CBD2B,94BC377E,1285BE7C,0x750152F1,CD84EE48,DF044293,188C6D38,2486CFD6,D39BE61C,C40F2998,C8391120,0xEBD267AB,0x6EF4DA92,0xB4D3D7B0,0x835D13A0.txt Here] is a matrix of all the key signings from FUDCon.  (Note: It sometimes takes quite a while for new data to show up in the wotsap.)
== Original Page ==
{{admon/warning|The signup deadline has passed|If you still want to participate, bring about 60 slips with your key's fingerprint printed or '''neatly''' written on it.}}
There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]] held at 1600 (4pm), immediately preceding this event.
There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]] held at 1600 (4pm), immediately preceding this event.


Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.
Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.


'''Things to bring to the event:'''
== Notice of change ==
Nick and I are working through the last minute logistics that goes along with the event.  We hadn't planned on this event event being so popular!  With this in mind we have decided to change the way we are doing the key verifications.  Originally we were planning on each person, individually, standing up and reading their key aloud while everyone else verified the paper copy provided for the event.  This procedure is used most often and is the most secure.  The problem is we now have <strike>forty-four</strike> forty-nine keys to be signed!  That's going to take a while!
 
For larger parties the recommended procedure is the "hash-based method".  The keys will still be provided to everyone on paper.  The file will be digitally signed (and electronic versions of the document will be made available).  At the event everyone verifies that *their* key is listed correctly on the paper and then the host will read the hash to everyone so that everyone can verify that their copy is correct and has not been modified.  Once this happens and everyone is satisfied that they have the correct list of keys then we check everyone's identification.
 
If anyone has any concern about this procedure please let us know *now* so we can address this. 
 
[http://nb.fedorapeople.org/keys2.pdf key and fingerprint list]
 
[http://nb.fedorapeople.org/keys2.pdf.sha256sum.asc key and fingerprint list sha256sum]
 
[http://nb.fedorapeople.org/keys2.asc keyring to import]
 
== Things to bring to the event: ==
# Yourself
# Yourself
# At least one government issued photo ID
# At least one government issued photo ID
Line 10: Line 43:
# NO computer (or at least leave it in your bag or something, you don't need to actually sign the keys right then)
# NO computer (or at least leave it in your bag or something, you don't need to actually sign the keys right then)


We will be conducting the event as follows:
=== Why shouldn't I bring a computer?===
The participants will send their key information to the coordinator who would compile it into a list (compiled from this wiki page). Each participant, upon arriving at the party, will be given a copy of the key list. Each participant will then be called on by the coordinator. The participant will then check their key fingerprint against the fingerprint on the sheet that the coordinator gave them. If the participant is sure that their key is the same as the key on the sheet then the participant will read their fingerprint aloud so that the other party participants can make sure they also have the correct matching fingerprint. If they do in fact have the correct matching fingerprint, they will check it off on their sheet. This is necessary to make sure that the coordinator has not made a mistake in the generation of the sheet or has not slipped a sheet with faked key information to one or more of the participants. After everyone has checked off the participant's key, the coordinator will then call on the next participant, and so on. After all of the keys have been verified, the participants and coordinator will be asked to form a long single file line while holding their IDs in front of them. The person at the head of the line walks down the line and checks each person's ID. If their ID is correct, they will place a second check mark on their list.  Once a key has two check marks it can be signed.  
There are a variety of reasons, why you don't want to do this. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.
* If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.
* Someone might spill $beverage on it.
* Someone might drop it or knock it off the table.
* Etc
 
== Keysigning Procedure ==
# Generate a key/Remember your pass phrase
# All attendees send their public keys to a public keyserver. For this party, we'll use keys.bz or keys.christensenplace.us. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.
# All attendees posts their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.
# The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.
# Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.
# At the meeting the host will distribute the key forms and a hash of that form (also available from this wiki page).  The host will read the hash key out so that everyone can verify they have the same file. Everyone will verify that their fingerprint is correct on the form.  Once everyone has verified these two pieces of information we will start with the identifications.
# After everyone has read his key ID information, have all attendees form a line.
# The first person walks down the line having every person check his ID.
# The second person follows immediately behind the first person and so on.
# If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.
# Once the first person cycles back around to the front of the line he has checked all the other IDs and his ID has been checked by all others.
# After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.
# After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
# Send the signed keys back to the keyservers.
# Use those keys as often as possible.  


We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key.
=== Acceptable Identification ===
We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key.  It is up to the other participants whether or not they will accept your identification.


== Uploading your key to a keyserver ==
To upload your key, do <code>gpg --keyserver keys.bz --send-keys 0xYOURKEYID</code>
To upload your key, do <code>gpg --keyserver keys.bz --send-keys 0xYOURKEYID</code>


(Virginia Tech also operates a keyserver at <code>keyserver.cns.vt.edu</code>.)
(Virginia Tech also operates a keyserver at <code>keyserver.cns.vt.edu</code>.)


== CAcert Assurance ==
There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]].
There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]].


== Key List ==
{|
{|
! Name !! FAS Username !! Key ID !! Fingerprint
! Name !! FAS Username !! Key ID !! Fingerprint
Line 107: Line 165:
|-
|-
|Justin M. Forbes || jforbes || 0x07D2F8B4 || 69C2 14E0 B69C 22FD 9BAB  91FE E0D3 C9EF 07D2 F8B4
|Justin M. Forbes || jforbes || 0x07D2F8B4 || 69C2 14E0 B69C 22FD 9BAB  91FE E0D3 C9EF 07D2 F8B4
|-
| Garrett Holmstrom || gholms || 0xDF044293 || 73CF 446C 8F09 A9DB 9D44  A020 9278 34B6 DF04 4293
|-
| Garrett Holmstrom (work) || gholms || 0x188C6D38 || A915 7737 6560 BA04 505E  7888 6EAC 46AB 188C 6D38
|-
| Philip Balister ||  || 0xEBD267AB || 0534 2F35 0245 67E9 EF18 3CA5 C0C9 778A EBD2 67AB
|-
| Josh Boyer || jwboyer || 0x2486CFD6 || 4CDE 8575 E547 BF83 5FE1  5807 A31B 6BD7 2486 CFD6
|-
| Scott Suehle || kilted1 || 0xD39BE61C || E3C7 A18F 384D 8DB7 D607  FE0C 1EF7 F717 D39B E61C
|-
| Xavier Lamien || laxathom || 0xC8391120 || 49B2 05EE 089A BF1D BFF4  BBED AC7C 50F3 C839 1120
|-
|-
! Name !! FAS Username !! Key ID !! Fingerprint
! Name !! FAS Username !! Key ID !! Fingerprint

Latest revision as of 18:26, 15 May 2013

Followup

This section was added after the keysigning and contains some useful followup information.

Original Page

The signup deadline has passed
If you still want to participate, bring about 60 slips with your key's fingerprint printed or neatly written on it.

There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a CAcert Assurance event held at 1600 (4pm), immediately preceding this event.

Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.

Notice of change

Nick and I are working through the last minute logistics that goes along with the event. We hadn't planned on this event event being so popular! With this in mind we have decided to change the way we are doing the key verifications. Originally we were planning on each person, individually, standing up and reading their key aloud while everyone else verified the paper copy provided for the event. This procedure is used most often and is the most secure. The problem is we now have forty-four forty-nine keys to be signed! That's going to take a while!

For larger parties the recommended procedure is the "hash-based method". The keys will still be provided to everyone on paper. The file will be digitally signed (and electronic versions of the document will be made available). At the event everyone verifies that *their* key is listed correctly on the paper and then the host will read the hash to everyone so that everyone can verify that their copy is correct and has not been modified. Once this happens and everyone is satisfied that they have the correct list of keys then we check everyone's identification.

If anyone has any concern about this procedure please let us know *now* so we can address this.

key and fingerprint list

key and fingerprint list sha256sum

keyring to import

Things to bring to the event:

  1. Yourself
  2. At least one government issued photo ID
  3. Your key's fingerprint
  4. A pen/pencil or whatever you'd like to write with....
  5. NO computer (or at least leave it in your bag or something, you don't need to actually sign the keys right then)

Why shouldn't I bring a computer?

There are a variety of reasons, why you don't want to do this. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.

  • If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.
  • Someone might spill $beverage on it.
  • Someone might drop it or knock it off the table.
  • Etc

Keysigning Procedure

  1. Generate a key/Remember your pass phrase
  2. All attendees send their public keys to a public keyserver. For this party, we'll use keys.bz or keys.christensenplace.us. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.
  3. All attendees posts their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.
  4. The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.
  5. Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.
  6. At the meeting the host will distribute the key forms and a hash of that form (also available from this wiki page). The host will read the hash key out so that everyone can verify they have the same file. Everyone will verify that their fingerprint is correct on the form. Once everyone has verified these two pieces of information we will start with the identifications.
  7. After everyone has read his key ID information, have all attendees form a line.
  8. The first person walks down the line having every person check his ID.
  9. The second person follows immediately behind the first person and so on.
  10. If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.
  11. Once the first person cycles back around to the front of the line he has checked all the other IDs and his ID has been checked by all others.
  12. After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.
  13. After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
  14. Send the signed keys back to the keyservers.
  15. Use those keys as often as possible.

Acceptable Identification

We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key. It is up to the other participants whether or not they will accept your identification.

Uploading your key to a keyserver

To upload your key, do gpg --keyserver keys.bz --send-keys 0xYOURKEYID

(Virginia Tech also operates a keyserver at keyserver.cns.vt.edu.)

CAcert Assurance

There will also be a CAcert Assurance event.

Key List

Name FAS Username Key ID Fingerprint
Nicholas E. Bebout nb 0x154FDAF0 8D9D C33B 8C30 5BBF 6E91 E783 9EF9 FA30 154F DAF0
Nicholas E. Bebout nb 0x110810E9 167B 4A54 236B BEAA 37DC CD92 ED14 D5E7 1108 10E9
Toshio Kuratomi toshio 0xCD84EE48 1289 DAF3 C7FC 1108 C77D ADD9 5FAC 8089 CD84 EE48
Jared Smith jsmith 0x210BDF5A 1E46 74AA A394 0EAA 6596 FDF0 7D9D 159F 210B DF5A
Kevin Fenzi kevin 0x34E36341 A6EA F625 0EBB F132 A8A9 32AD DE29 827B 34E3 6341
Eric Christensen sparks 0x024BB3D1 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
Perry Myers pmyers 0xE65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D
Dan Walsh dwalsh 0x8329A1B3 A868 816A C8BF B50C 6F44 63DF AE56 2F13 8329 A1B3
Klaatu klaatu 0x5000280F 45AE 6061 3BC8 EF6C 07BF CB39 1D97 D65F 5000 280F
Ricky Elrod codeblock 0xDAD3DF0E 9739 5A0F BDC8 1D20 A137 CDCC 0027 10B0 DAD3 DF0E
Matt Domsch mdomsch 0x92F0FC09 17A4 17D0 81F5 4B5F DB1C AEF8 21AB EEF7 92F0 FC09
Phil Benchoff n3pb 0xFA6C4994 5CD5 EFA3 E1C5 20B1 B0ED E38C 8337 8A94 FA6C 4994
Chuck Frain chuck 0xB2420431 2045 8609 1674 BE49 AD89 0661 5726 2343 B242 0431
Simon Sekidde sekidde 0x94BC377E 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
Luke Macken lmacken 0x390EBBB9 FFFF CD40 89FE 8E6F C38D A9D9 46C9 B778 390E BBB9
Richard B. Tilley (Brad) rtilley 0x6EF4DA92 2BC7 DF02 5E52 8660 95E5 769C 13E0 F3DE 6EF4 DA92
Thomas Weeks (Tweeks) tweeks 0x750152F1 5A27 DABA EEBC 63A5 2A46 0D78 2757 662F 7501 52F1
Richard W. Godbee, Jr. rwg 0xD1F5C478 C8DB B3B6 352E 8760 8FA2 3BE2 3C32 C580 D1F5 C478
Ben Boeckel mathstuf 0x57E02D57 F4C9 5FFD 6EA4 F7F1 2E19 5865 A6B1 6AF5 57E0 2D57
Ben Boeckel (work) mathstuf 0xD72AD0EF D49F D289 AB5F 09DE 28FB 8006 011B D2DB D72A D0EF
Mark Walker marwalk 0xAA482E46 D780 2F66 B08D 739D 3BF0 2468 7C22 870D AA48 2E46
James Schwinabart mutantmonkey 0x3A7676E7 384E 1FED 4AFE 4843 5432 77E5 D7CE BBD3 3A76 76E7
Christoph Wickert cwickert 0x1999A427 8BFD B656 3415 D8DA 559F 1478 1AAC 3E75 1999 A427
Christoph Wickert (work) cwickert 0x85DACC63 4531 6312 111F 6582 A19F 27A2 168B 6216 85DA CC63
Jeroen van Meeuwen kanarip 0x9342BF08 C6B0 7FB4 43E6 CDDA D258 F70B 28DE 9FDA 9342 BF08
Colin Walters walters 0xAE087291 1CEC 7A9D F7DA 85AB EF84 3DC0 A866 D7CC AE08 7291
Thom Carlin thom 0x1285BE7C AE19 E8EF BC0B 87E5 FA56 3B9E 8870 B778 1285 BE7C
Clint Savage herlo 0x62A2258E 8C10 443D 7F49 A694 018C A2DD 7D27 D8A2 62A2 258E
Russell Herrold 0x9B649644 A866 9FF9 8185 0EE6 5EF1 FDA8 3118 7541 9B64 9644
Russell Herrold (centos) 0x5B7CBD2B 6CFB 553C 3577 6F5E BCBC 56D4 2AD4 FF5D 5B7C BD2B
Kaleb KEITHLEY (work) kkeithle 0x89CCAE8B 9BD4 D907 FA55 4FC8 B4A3 716F 3730 DD49 89CC AE8B
Russell Bryant russellb 0x8B3D4806 2EA1 5068 05EE 0C83 2174 0A73 160F 5FB7 8B3D 4806
Brian C. Lane bcl 0x9712C2CD 799F A3B6 AEF8 E9B4 D720 56D0 21FB 63FE 9712 C2CD
Brian C. Lane (work) bcl 0x8EFE3A7F B4C6 B451 E4FA 8B42 32CA 191E 117E 8C16 8EFE 3A7F
Paul W. Frields pfrields 0xBD113717 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
Mario J.G. Balletta chanchito 0xE9893915 63CB 5A18 11C8 88ED 1041 A213 4532 C153 E989 3915
Doug Ledford dledford 0x0E572FDD AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
Valdis Kletnieks (old key) valdis 0xB4D3D7B0 ECE4 41BA C3B5 3067 512B 7A1F 702D E559 B4D3 D7B0
Valdis Kletnieks (new key) valdis 0x835D13A0 8425 2010 28F1 AA8D 0F80 ADEF 0766 1105 835D 13A0
Peter Larsen bit4man 0xADCE143D A927 B0F6 85C2 C0D4 55D8 C003 1DB2 C39D ADCE 143D
Sid Wilroy sidwilroy 0x579415FE F843 0FBE BD63 D17F 7C0C 1161 44CD 007B 5794 15FE
Justin M. Forbes jforbes 0x07D2F8B4 69C2 14E0 B69C 22FD 9BAB 91FE E0D3 C9EF 07D2 F8B4
Garrett Holmstrom gholms 0xDF044293 73CF 446C 8F09 A9DB 9D44 A020 9278 34B6 DF04 4293
Garrett Holmstrom (work) gholms 0x188C6D38 A915 7737 6560 BA04 505E 7888 6EAC 46AB 188C 6D38
Philip Balister 0xEBD267AB 0534 2F35 0245 67E9 EF18 3CA5 C0C9 778A EBD2 67AB
Josh Boyer jwboyer 0x2486CFD6 4CDE 8575 E547 BF83 5FE1 5807 A31B 6BD7 2486 CFD6
Scott Suehle kilted1 0xD39BE61C E3C7 A18F 384D 8DB7 D607 FE0C 1EF7 F717 D39B E61C
Xavier Lamien laxathom 0xC8391120 49B2 05EE 089A BF1D BFF4 BBED AC7C 50F3 C839 1120
Name FAS Username Key ID Fingerprint

Back to FUDCon:Blacksburg_2012.