Difference between pages "CACert BoF/Assurance" and "keysigning"

From LCA2015 Delegate wiki
(Difference between pages)
Jump to: navigation, search
(Assurers)
 
(Organisers and Partipants)
 
Line 1: Line 1:
Organised by [[User:Jim_Cheetham|Jim Cheetham]], the CACert Bof/Assurance session is aiming to be :-
+
We will have a key signing party this year.
  
* Introduction to the CACert Community
+
== Format ==
* Description of the Assurance process
+
* Assurance of new members by Assurers
+
* Mutual assurance by Members
+
  
If you wish to become a Member and to get Assured, please consider registering with CACert.org *before* the BoF session, and bringing along pre-printed CAP forms to speed things up. https://www.cacert.org/index.php?id=1 will help to get you started.
+
* Ad-hoc, print out your key on a piece of paper / business card and hand it out to everyone
 +
* [http://en.wikipedia.org/wiki/Zimmermann%E2%80%93Sassaman_key-signing_protocol Zimmermann–Sassaman key-signing protocol]
 +
** Ideally Sassaman-projected, if there is a document projector available.
 +
* We will have access to printing facilities, however:
 +
** Supplying printed keylists to participants will require all participants to recite fingerprint in full or provide physical copies of fingerprint.  If level of participation is high this could take a long time!
 +
** Participants could verify and print keylist themselves prior to event, but requring such preparation could exclude some participants.
  
Please remember that CACert requires validation of Identity backed by government-issued documents. Real named need to be used, and represented *in their entirety* by the accompanying document. If your ID lists you as "Joe Q. Bloggs" you cannot use that to assert the identity of "Joe Quentin Bloggs", but you can use it to assert "Joe Bloggs". See https://wiki.cacert.org/PracticeOnNames for more details.
+
Collecting keys:
 +
 
 +
* Please submit your keys at: https://frase.id.au/lca2015
 +
* include the fingerprint on your wiki page? ''([[User:Fraser Tweedale|Fraser Tweedale]] ([[User talk:Fraser Tweedale|talk]]) 12:32, 17 December 2014 (AEDT) dubious. I wouldn't sign a key without a copy/recital of fingerprint from owner or assertion that reproduction in hashed/MAC'd keylisting is correct)''
 +
 
 +
== New to PGP? ==
 +
 
 +
OpenPGP is an end-to-end privacy protocol based on public key
 +
cryptography.  Unlike X.509, the public key infrastructure used
 +
to secure the web, OpenPGP uses a "web of trust" model where
 +
individuals verify others' identity and "sign" their keys. A
 +
signature is a cryptographic assertion that a key with a given
 +
user ID (uid) is actually owned by that person.
 +
 
 +
[https://gnupg.org/ GnuPG] is a free OpenPGP implementation
 +
available for most operating systems. Check out the
 +
[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html How-To guide]
 +
to get started.  If you are going to create a new key,
 +
do also check out
 +
[https://help.riseup.net/en/security/message-security/openpgp/best-practices riseup.net OpenPGP Best Practices].
 +
 
 +
 
 +
== Organisers and Partipants ==
 +
 
 +
I would like to help organise things:
  
====Assurers====
 
* [[User:Jim_Cheetham|Jim Cheetham]]
 
 
* [[user:Daniel Sobey|Daniel Sobey]]
 
* [[user:Daniel Sobey|Daniel Sobey]]
 +
* [[User:Fraser Tweedale|Fraser Tweedale]]
  
====Members====
+
I would like to attend (see also [https://keybase.io/frasertweedale official list of submitted keys])
Please sign up here to give us an indication of numbers of people requiring Assurance - it takes a few minutes to work through each one and requires actual physical paperwork.
+
  
* Phillip Smith
+
* [[user:Daniel Sobey|Daniel Sobey]]
 +
* [[User:Augur_.|<font color="#703931">'''ᏜᏠᎶᏠᏑ'''</font>]][[User_talk:Augur_.|<font size="4" color="#723a32">&#x2710;</font>]][[Special:Contributions/Augur_.|<font size="4" color="#723a32">&#x2315;</font>]] (I'm quite new to crypto, but want to learn how to run cryptoparties.)
 +
* [[User:Fraser Tweedale|Fraser Tweedale]]
 +
* [[User:Michael Schmitz|Michael Schmitz]]

Revision as of 09:39, 22 December 2014

We will have a key signing party this year.

Format

  • Ad-hoc, print out your key on a piece of paper / business card and hand it out to everyone
  • Zimmermann–Sassaman key-signing protocol
    • Ideally Sassaman-projected, if there is a document projector available.
  • We will have access to printing facilities, however:
    • Supplying printed keylists to participants will require all participants to recite fingerprint in full or provide physical copies of fingerprint. If level of participation is high this could take a long time!
    • Participants could verify and print keylist themselves prior to event, but requring such preparation could exclude some participants.

Collecting keys:

  • Please submit your keys at: https://frase.id.au/lca2015
  • include the fingerprint on your wiki page? (Fraser Tweedale (talk) 12:32, 17 December 2014 (AEDT) dubious. I wouldn't sign a key without a copy/recital of fingerprint from owner or assertion that reproduction in hashed/MAC'd keylisting is correct)

New to PGP?

OpenPGP is an end-to-end privacy protocol based on public key cryptography. Unlike X.509, the public key infrastructure used to secure the web, OpenPGP uses a "web of trust" model where individuals verify others' identity and "sign" their keys. A signature is a cryptographic assertion that a key with a given user ID (uid) is actually owned by that person.

GnuPG is a free OpenPGP implementation available for most operating systems. Check out the How-To guide to get started. If you are going to create a new key, do also check out riseup.net OpenPGP Best Practices.


Organisers and Partipants

I would like to help organise things:

I would like to attend (see also official list of submitted keys)