Latest revision as of 11:57, 14 January 2015


We will have a key signing party this year.

When: Wednesday, 12:20 (during lunch)

Where: Meet on grass in Owen Glenn Courtyard, then relocate to Case Room 3 for keysigning.

Key submission: https://frase.id.au/lca2015


After the keysigning

Only sign a key if:

  • the name on a key matches the name on ID presented, and
  • you are satisfied with the authority and authenticity of ID presented, and
  • the fingerprint read out by the participant matches the keylist, and
  • the fingerprint was not read off the keylist

Please configure GnuPG to use a strong hash when signing keys. SHA256 is a good choice.

Participants were given the opportunity to state that they did not want keys/signatures uploaded to public keyservers. None objected.

I (Fraser Tweedale (talk)) personally only send encrypted signatures to the email address of the UID signed. This has the advantage of ensuring that signatures on UIDs containing defunct email addresses do not become public. This is default behaviour of caff and gcaff (see below).

Tools and resources

  • Tool to automate key signing: https://wiki.debian.org/caff
  • Graphical signing tool (can be used to sign photo uids): https://github.com/frasertweedale/gcaff
  • Hardened gpg.conf settings: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
  • More information on signing keys efficiently and correctly: https://www.azabani.com/2014/01/07/after-pgp-key-signing-parties.html

Format

  • Zimmermann–Sassaman key-signing protocol
    • Ideally Sassaman-projected, if there is a document projector available (likely).
  • We will have access to printing facilities, however:
    • Supplying printed keylists to participants will require all participants to recite fingerprint in full or provide physical copies of fingerprint. If level of participation is high this could take a long time!
    • Participants could verify and print the keylist themselves prior to the event, but requiring such preparation could exclude some participants.
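An added example (not part of the wiki page) that puts the checks above into code: the Sassaman step of confirming everyone holds the same keylist by comparing its SHA256 digest with the projected one, then the name and fingerprint checks from the "Only sign a key if" list. It assumes the keylist is a plain `gpg --fingerprint` printout; the keylist, names and fingerprints are constructed. The last rule, that the fingerprint was recited from the owner's own copy rather than read off the keylist, is a human check and is not automated here.

```python
import hashlib
import re

# Constructed sample keylist in `gpg --fingerprint` layout; the key sizes,
# fingerprints and UIDs are made up for this example.
KEYLIST = """\
pub   rsa4096 2014-12-01 [SC]
      1234 5678 9ABC DEF0 1234  5678 9ABC DEF0 1234 5678
uid           [ unknown] Example Person <example@example.org>

pub   rsa2048 2013-06-15 [SC]
      FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98
uid           [ unknown] Another Person <another@example.net>
"""

FPR_RE = re.compile(r"((?:[0-9A-Fa-f]{4}\s+){9}[0-9A-Fa-f]{4})")
UID_RE = re.compile(r"^uid\s+(?:\[[^\]]*\]\s+)?(.+)$", re.M)

def normalise_fingerprint(text):
    # Drop spaces/colons and upper-case, so a recited fingerprint compares exactly.
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()

def keylist_digest(keylist):
    # Sassaman step: the organiser projects this digest so every participant can
    # confirm their printed copy is the same file before fingerprints are checked.
    return hashlib.sha256(keylist.encode()).hexdigest()

def keylist_matches_announced(keylist, announced_digest):
    return keylist_digest(keylist) == re.sub(r"\s", "", announced_digest).lower()

def parse_keylist(keylist):
    # Map each normalised fingerprint to the UID string printed under it.
    entries = {}
    for block in keylist.strip().split("\n\n"):
        fpr, uid = FPR_RE.search(block), UID_RE.search(block)
        if fpr and uid:
            entries[normalise_fingerprint(fpr.group(1))] = uid.group(1).strip()
    return entries

def check_recited(keylist, recited_fingerprint, id_name):
    # Wiki checklist: the recited fingerprint must match a keylist entry and the
    # UID name must match the name on the ID presented. Returns (ok, reason_or_uid).
    fpr = normalise_fingerprint(recited_fingerprint)
    if len(fpr) != 40:
        return False, "fingerprint is not 40 hex digits"
    uid = parse_keylist(keylist).get(fpr)
    if uid is None:
        return False, "fingerprint not on keylist"
    if uid.split("<")[0].strip().casefold() != id_name.strip().casefold():
        return False, "UID name does not match ID"
    return True, uid
```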

Collecting keys:

  • Please submit your keys at: https://frase.id.au/lca2015
  • include the fingerprint on your wiki page? (Fraser Tweedale (talk) 12:32, 17 December 2014 (AEDT) dubious. I wouldn't sign a key without a copy/recital of fingerprint from owner or assertion that reproduction in hashed/MAC'd keylisting is correct)

New to PGP?

OpenPGP is an end-to-end privacy protocol based on public-key cryptography. Unlike X.509, the public-key infrastructure used to secure the web, OpenPGP uses a "web of trust" model in which individuals verify each other's identity and "sign" their keys. A signature is a cryptographic assertion that a key with a given user ID (uid) is actually owned by that person.

GnuPG is a free OpenPGP implementation available for most operating systems. Check out the How-To guide to get started. If you are going to create a new key, do also check out riseup.net OpenPGP Best Practices.


Organisers and Participants

I would like to help organise things:

I would like to attend (see also official list of submitted keys)

  • Arkady Gundroff
  • Delan Azabani
  • Tim Potter
  • Craige McWhirter
  • Kye Russell
  • Ewen McNeill
  • Aaron Theodore
  • Aníbal Monsalve Salazar
  • Russell Coker
  • Leroy Hopson
  • Tim Stoakes
  • Jason Lewis
  • Travis Holton
  • Srdan Dukic
  • Kevin Tran
  • Daniel Rossbach