[ale] PGP / GPG Keysigning party... Upload your key now! ALE-NW

Fri Nov 18 08:42:08 EST 2011

The ALE-NW group has room J110 at SPSU reserved for 12/8 if we need a location
to key-validate. We are not planning a meeting for that evening, so it should be
available. We just need to let Orlando know our plans.

It is not the ideal place for a party, however.

BTW, the gpg public key export command that I used was:
$ gpg --armor --export {your key sig} > public.key.tmp

Let the uploads begin!

On 11/18/2011 01:23 AM, Michael H. Warfield wrote:
> Everyone!
> 
> As discussed at tonight's ALE Central Meeting and at the after meeting
> meeting, we are working on a PGP keysigning party for December.
> 
> Pursuant to that, I have set up a listing at BigLumber,
> <http://biglumber.com>, a site dedicated to promoting PGP keysigning
> parties.  Please feel free to register up there if you wish to host /
> coordinate parties or if you wish to do individual key signings.
> Registration is NOT required to merely participate in a keysigning party
> - registration is only required for organizers and listers.  The Forum
> of Incident Response Securty Teams (FIRST - http://www.first.org) has
> used this site for years coordinating our PGP keysigning events.
> 
> In anticipation of the keysigning event, you should add your key to our
> keyring here:
> 
> http://biglumber.com/x/web?keyring=4254
> 
> You will see a text listing of our complete keyring with the key ids,
> the owner uids and the key fingerprints.
> 
> Just paste your public key into the text window or browse to a file of
> it and then hit "submit query" (yeah, I know it's kinda weird and
> confusing and it confused me the first time too).  Your key will be
> added and you will see a complete listing of the current keys on this
> keyring (currently just my two) after you go back and hit "refresh".  We
> will print out copies of the keyring for the keysigning party and you
> can then "check off" people you verify.
> 
> When we have gone through the keysigning party itself, you can then
> download the entire keyring from BigLumber, import it, and sign those
> keys which you have personally verified.  DO NOT sign any keys on the
> keyring you have not personally identified and verified at the party!
> That's the very principle of the web of trust!  The keyring is public
> and visible and anyone can add their key to it and can download the
> entire keyring.
> 
> After signing keys you've verified, you can send the signed keys to
> their owners or update the public keyrings as you wish.  You can also
> update the signatures at BigLumber by uploading the signed keys to the
> keyring as well.
> 
> Please use the final keyring after the party to actually do signatures
> as people will be adding keys up to the last moment or you may miss
> some.  By the same token, if people show up who have not uploaded their
> keys by the time of the keysigning party, it is NOT TOO LATE but do NOT
> be tardy after!
> 
> Even if you are NOT SURE you will be able to attend, please upload your
> keys anyways!  It doesn't hurt.  You won't be breaking any protocol.
> You won't be subject to any SPAM.  If you think there is any remote
> possibility you might be there and might like to pick up a FEW
> signatures, upload your key ASAP so you won't forget!
> 
> You will not HAVE TO use BigLumber.  There's always a few who forget
> (please DON'T - it makes things go sooooo much faster and easier) or who
> just generated new keys.  Even if you have not uploaded your key to
> BigLumber, you can still attend the party.  Please bring either business
> cards, or PGP cards, or even strips of paper with your key id and
> fingerprint printed on it and we will make due.  I WILL have a stack of
> my own, just in case.  BUT...  If you can, please use BigLumber and help
> us build the keyring as much in advance as you possibly can!
> 
> To make this happen in December, we start now.  Let the uploads begin!
> 
> Regards,
> Mike