Keysigning bof

From LCA2016 Delegate wiki
Revision as of 11:37, 28 January 2016 by Frase@frase.id.au (Talk | contribs) (Things you need to before you leave for the conference.)

Jump to: navigation, search

This year like all years we should have a key signing party. This is likely to be scheduled for one of the slots on Tuesday.

Please submit your keys through the following website before Monday 1/2/2016

I will try and have printed copies of the keys on the day but it would be useful to know how many copies to have printed. If you could send an email to Daniel Sobey to give a rough idea on numbers.

When is it?

Currently planning on running this on Tuesday night first slot. Keep an eye on Birds_of_a_Feather_sessions_(BoFs) for times.

Things you need to before you leave for the conference.

  • Create a gpg key!
  • Submit it to https://keysigning.xyz before the due date of Monday night
  • Bring good quality photo id.
    • Good quality means passport, drivers licence, proof of age card
    • bad quality is library card etc.
    • There is no "rule" as to what is acceptable quality - it is up to each individual signer to determine what is "good enough" photo ID, how closely the names should match the UID(s) on the key, etc.
  • print out your fingerprint (not just the last 8 digits) so you can confirm that it is what you submitted
  • Have extra copies of your fingerprint to hand out, print it on your business card if you have one.

At the event

Everyone will stand up the front show their photo id and read out their fingerprint. This is to assert two things:

  • The person matches the photo id
  • The key submitted is the key they actually own.
  • There should hopefully be printed copies of fingerprints. Cross off numbers in the fingerprint as they are read out if they match to be signed later.

After the event

Sign the keys when you get home, no need to do it during the conference. caff is a useful tool to sign and email.


Things to remember

  • The organizer could be evil, don't trust him, he has a beard.
  • sign only the keys you have verified to your own standard, trust no one.
  • don't trust the printouts, they could have been modified to mess with you and they could all be different.
  • don't trust all the keys, there may be a fake key with the same email address as someone else to see who is paying attention.
  • And remember [Responsible Behavior]

Responsible behavior.png