[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: GPG Keysigning at FUDCon - INSTRUCTIONS



On Wed, Jan 02, 2008 at 09:13:32PM -0600, Matt Domsch wrote:
> On Wed, Jan 02, 2008 at 09:44:23PM -0500, Todd Zullinger wrote:
> > If you haven't seen it before, I'd recommend giving a look at the
> > "Efficient Group Key Signing Method" by Len Sassaman and Phil
> > Zimmermann, documented at http://sion.quickie.net/keysigning.txt
> > 
> > It cuts a lot of the tediousness out of a key signing involving more
> > than just a few people.
> 
> yep.  That's basically my plan. So far only ~14 people have sent me
> keys, so even bicycle chain won't take but a few minutes.  I'll email
> everyone who has sent keys, and fedora-devel, the instructions early
> next week for getting the plaintext list of keys, the keyring I've
> compiled from the sent fingerprints, the SHAx sums and the rest.


I've compiled the list of keys for the FUDCon keysigning.  These 20
are whom I have.  If you're not on this list, and still want to
participate, you may, details to follow.

pub  1024D/92F0FC09 2001-04-16 Matt Domsch <mdomsch alum mit edu>
pub  1024D/BD113717 1997-09-19 Paul W. Frields <stickster gmail com>
pub  1024D/116521D9 2000-10-11 David Woodhouse (Insecure work key) <dwmw2 redhat com>
pub  1024D/93054260 2001-03-22 Tom Callaway (spot) <tcallawa redhat com>
pub  1024D/1728D29B 2007-12-15 Lee Lorentz (WB0TRA) <lee wb0tra no-ip org>
pub  1024D/CCAF484E 2007-04-17 Ricky Zhou <ricky zhou gmail com>
pub  1024D/99B1F444 2006-04-02 G. Wolfe Woodbury <ggw wolves durham nc us>
pub  1024D/7BB612C9 2001-06-02 Kevin Sonney (The Alchemist) <kevin sonney com>
pub  1024D/8929CFFC 2006-12-05 Chris Tyler <chris tylers info>
pub  1024D/ED00D312 2000-06-21 Douglas E. Warner <silfreed silfreed net>
pub  1536R/243A1329 1996-12-05 David Woodhouse <david woodhou se>
pub  1024D/2E3F0935 2007-05-29 Yaakov Nemoy <loupgaroublond gmail com>
pub  1024D/87EF16E8 2007-02-27 Tyler Owen <tyler l owen gmail com>
pub  1024D/7A47522D 2006-12-22 John Poelstra <poelcat gmail com>
pub  1024D/78688BF5 2002-10-03 Nalin Dahyabhai <nalin dahyabhai net>
pub  1024D/3B6A5B89 1999-09-16 Jack Neely <jjneely ncsu edu>
pub  2048R/BEAF0CE3 2006-07-04 Todd M. Zullinger <tmz pobox com>
pub  1024D/D74908ED 2007-12-31 Eric Harlan Christensen <eric christensenplace us>
pub  1024D/B05A59F7 2004-03-01 Dennis Gilmore <dennis auroralinux org>
pub  1024D/0D86AF59 2006-01-21 Jonathan Steffan (daMaestro) <jonathansteffan gmail com>


See the URL above for the process.  Before the keysigning, you _must_
download a copy of
  http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt
and verify that your key is correct on there.  You'll be asked at the
keysigning to confirm that your key is correct in that file.

Second, you must run both sha1sum and md5sum on the
fudcon-keysigning.txt file, and validate that it in fact matches:

http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.md5sum
0c799b9b70cf87e0039631e0cfd1586a  fudcon-keysigning.txt

http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.sha1sum
d3fa0cda1d77cde8608c2506e88cb3cd60764c43  fudcon-keysigning.txt

At the keysigning, I'll read these values.  Everyone confirms they
match, therefore we know your key as listed in the keyring is what
everyone expects it to be.  Then we each, in order, show our IDs for
everyone to validate, and then each person can decide if they want to
sign that person's key.

After the keysigning, you can use a tool like caff from the pgp-tools
package to sign each person's key and mail it to them.

I'll see you all next Saturday!

Thanks,
Matt

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]