Subject: Another -- Keysigning party procedure -- at last!
From: Måns Nilsson <[log in to unmask]>
Reply-To: Network management discussion for Nordic region <[log in to unmask]>
Date: Tue, 11 Feb 2003 21:33:04 +0100

(The last mail was sent with a slightly b0rken signature, and realising the 
 extreme footshot potential b0rken sigs on email about PGP parties carry, 
 I resubmit this, but signed with an earlier gpg version. Apologies)

Hello,

This is the procedure for the key signing party at NordNOG 2, and more
specifically, what you need to do before you arrive. 

        (Instructions are for GnuPG, because that is what I know. You will
         have to find out how to perform this yourself in other PGP
         systems.)

1. Submit your key to a key-server. For this particular exercise, I 
   recommend "pgp.mit.edu". If you for whatever reason use another 
   keyserver, be sure to tell me which in the mail you send me.
   The command  

        "gpg --keyserver pgp.mit.edu --send-keys DEADBEEF"

   will do this if you run GnuPG and have the key ID DEADBEEF (latter 
   not likely...)

2. Prepare an email to "[log in to unmask]" (NOT the Nordnog list!) with 
   subject "PGP Party" and contents:

        * email and name associated with the key. 
        * Key hexadecimal ID
        * Key fingerprint 
        * any sub id's. 

   The command "gpg --fingerprint [log in to unmask]" will get
   this info for you. (if your userid is [log in to unmask] Alter
   to suit.) 
   Documents on the Web tell me that "pgp -kvc [log in to unmask]"
   will do that for PGP, but YMMV. Any NordNoggers more versed in PGP ops
   might want to chime in. 

3. Also, print this data on paper. Or, bring the key on your own laptop. 
   Anything you trust, basically. 

4. Bring yourself, said paper, a pen, and photo ID to the key party. 

I will compile a list of received keys and print their ID / fingerprints on
a handout for the party. Keys received up to 1700 MET Wednesday 2002-02-12
will be included. 

5. At the party we will do like this:
        (stolen from the party FAQ,
         http://www.cryptnet.net/fdp/crypto/gpg-party.html)
 
# Each key owner reads his key ID, key type, fingerprint, key size, and
user ID from his own printout, not from the distributed listing. This is
because there could be an error, intended or not, on the listing. This is
also the time to tell which ID's to sign or not. If the key information
matches your printout then place a check-mark by the key.
# After everyone has read their key ID information, have all attendees form
a line.
# The first person walks down the line having every person check his ID.
# The second person follows immediately behind the first person and so on.
# If you are satisfied that the person is who they say they are, and that
the key on the printout is theirs, you place another check-mark next to
their key on your printout.
# Once the first person cycles back around to the front of the line he has
checked all the other IDs and his ID has been checked by all others.
# After everybody has identified himself or herself the formal part of the
meeting is over. You are free to leave or to stay and discuss matters of
PGP and privacy (or anything else) with fellow PGP users. If everyone is
punctual the formal part of the evening should take less than an hour.
# After confirming that the key information on the key server matches the
printout that you have checked, sign the appropriate keys. Keys can only be
signed if they have two check-marks.
# Send the signed keys back to the keyservers.
# Use those keys as often as possible.

Sending and signing keys:

        gpg --sign-key [log in to unmask]

signs a key with the default private key. 

        gpg --keyserver pgp.mit.edu --send-keys [log in to unmask] [log in to unmask]

sends the keys for luser and sysop to the keyserver at MIT. There is no use
sending unsigned keys. 

The aforementioned FAQ, <http://www.cryptnet.net/fdp/crypto/gpg-party.html>
does tell about this much better than can I. Consult it if you have further
questions. 


-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.
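
The last check in step 5 (sign only keys that have two check-marks and whose keyserver copy matches your printout), as an added example that is not part of the original mail. The checklist file format, the function names and all key data are assumptions constructed for illustration; the listing is the colon format printed by `gpg --with-colons --fingerprint`.

```shell
# Added example, not from the original mail. Prints the fingerprints that
# are safe to sign: two check-marks on your printout AND the printed
# fingerprint equals the primary-key fingerprint of the fetched key.
# Assumed checklist format: "<check-marks> <fingerprint as printed>".
signable_keys() {
    checklist=$1   # your annotated printout, typed into a file
    colons=$2      # saved output of: gpg --with-colons --fingerprint
    awk '
        function norm(s) { gsub(/[ \t]/, "", s); return toupper(s) }
        FNR == NR {                      # first file: gpg colon listing
            split($0, f, ":")
            if (f[1] == "pub") primary = 1
            else if (f[1] == "sub") primary = 0
            else if (f[1] == "fpr" && primary) {
                fetched[norm(f[10])] = 1; primary = 0   # field 10 = fingerprint
            }
            next
        }
        NF == 0 || $1 ~ /^#/ { next }    # checklist: skip blanks, comments
        {
            marks = $1 + 0
            fp = $0; sub(/^[ \t]*[0-9]+[ \t]+/, "", fp); fp = norm(fp)
            if (marks == 2 && (fp in fetched)) print fp
        }
    ' "$colons" "$checklist"
}

# Constructed sample data (no real keys): two fetched keys, one with a subkey.
make_sample() {
    cat > "$1/fetched.colons" <<'EOF'
pub:-:1024:17:1111222233334444:1042156800:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
sub:-:1024:16:5555666677778888:1042156800::::::e:
fpr:::::::::9999999999999999999999995555666677778888:
pub:-:1024:17:89ABCDEF01234567:1042243200:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
EOF
    cat > "$1/checklist.txt" <<'EOF'
# marks  fingerprint as read aloud
2 aaaa bbbb cccc dddd eeee  ffff 1111 2222 3333 4444
1 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
2 AAAA BBBB CCCC DDDD EEEE  FFFF 1111 2222 3333 4445
2 9999 9999 9999 9999 9999  9999 5555 6666 7777 8888
EOF
}

dir=$(mktemp -d); make_sample "$dir"
signable_keys "$dir/checklist.txt" "$dir/fetched.colons"
```

Only the first checklist row passes: the second has a single check-mark, the third differs from the fetched key by one digit, and the fourth matches a subkey fingerprint rather than the primary key.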
