GPG Keysigning at FUDCon - INSTRUCTIONS
Matt Domsch
Matt_Domsch at dell.com
Mon Jan 7 23:14:15 UTC 2008
On Wed, Jan 02, 2008 at 09:13:32PM -0600, Matt Domsch wrote:
> On Wed, Jan 02, 2008 at 09:44:23PM -0500, Todd Zullinger wrote:
> > If you haven't seen it before, I'd recommend giving a look at the
> > "Efficient Group Key Signing Method" by Len Sassaman and Phil
> > Zimmermann, documented at http://sion.quickie.net/keysigning.txt
> >
> > It cuts a lot of the tediousness out of a key signing involving more
> > than just a few people.
>
> yep. That's basically my plan. So far only ~14 people have sent me
> keys, so even bicycle chain won't take but a few minutes. I'll email
> everyone who has sent keys, and fedora-devel, the instructions early
> next week for getting the plaintext list of keys, the keyring I've
> compiled from the sent fingerprints, the SHAx sums and the rest.
I've compiled the list of keys for the FUDCon keysigning. These 20
are whom I have. If you're not on this list, and still want to
participate, you may, details to follow.
pub 1024D/92F0FC09 2001-04-16 Matt Domsch <mdomsch at alum.mit.edu>
pub 1024D/BD113717 1997-09-19 Paul W. Frields <stickster at gmail.com>
pub 1024D/116521D9 2000-10-11 David Woodhouse (Insecure work key) <dwmw2 at redhat.com>
pub 1024D/93054260 2001-03-22 Tom Callaway (spot) <tcallawa at redhat.com>
pub 1024D/1728D29B 2007-12-15 Lee Lorentz (WB0TRA) <lee at wb0tra.no-ip.org>
pub 1024D/CCAF484E 2007-04-17 Ricky Zhou <ricky.zhou at gmail.com>
pub 1024D/99B1F444 2006-04-02 G. Wolfe Woodbury <ggw at wolves.durham.nc.us>
pub 1024D/7BB612C9 2001-06-02 Kevin Sonney (The Alchemist) <kevin at sonney.com>
pub 1024D/8929CFFC 2006-12-05 Chris Tyler <chris at tylers.info>
pub 1024D/ED00D312 2000-06-21 Douglas E. Warner <silfreed at silfreed.net>
pub 1536R/243A1329 1996-12-05 David Woodhouse <david at woodhou.se>
pub 1024D/2E3F0935 2007-05-29 Yaakov Nemoy <loupgaroublond at gmail.com>
pub 1024D/87EF16E8 2007-02-27 Tyler Owen <tyler.l.owen at gmail.com>
pub 1024D/7A47522D 2006-12-22 John Poelstra <poelcat at gmail.com>
pub 1024D/78688BF5 2002-10-03 Nalin Dahyabhai <nalin at dahyabhai.net>
pub 1024D/3B6A5B89 1999-09-16 Jack Neely <jjneely at ncsu.edu>
pub 2048R/BEAF0CE3 2006-07-04 Todd M. Zullinger <tmz at pobox.com>
pub 1024D/D74908ED 2007-12-31 Eric Harlan Christensen <eric at christensenplace.us>
pub 1024D/B05A59F7 2004-03-01 Dennis Gilmore <dennis at auroralinux.org>
pub 1024D/0D86AF59 2006-01-21 Jonathan Steffan (daMaestro) <jonathansteffan at gmail.com>
See the URL above for the process. Before the keysigning, you _must_
download a copy of
http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt
and verify that your key is correct on there. You'll be asked at the
keysigning to confirm that your key is correct in that file.
Second, you must run both sha1sum and md5sum on the
fudcon-keysigning.txt file, and validate that it in fact matches:
http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.md5sum
0c799b9b70cf87e0039631e0cfd1586a fudcon-keysigning.txt
http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.sha1sum
d3fa0cda1d77cde8608c2506e88cb3cd60764c43 fudcon-keysigning.txt
At the keysigning, I'll read these values. Everyone confirms they
match, therefore we know your key as listed in the keyring is what
everyone expects it to be. Then we each, in order, show our IDs for
everyone to validate, and then each person can decide if they want to
sign that person's key.
After the keysigning, you can use a tool like caff from the pgp-tools
package to sign each person's key and mail it to them.
I'll see you all next Saturday!
Thanks,
Matt
--
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
More information about the fedora-devel-list
mailing list