GPG Keysigning at FUDCon - INSTRUCTIONS

Mon Jan 7 23:14:15 UTC 2008

On Wed, Jan 02, 2008 at 09:13:32PM -0600, Matt Domsch wrote:
> On Wed, Jan 02, 2008 at 09:44:23PM -0500, Todd Zullinger wrote:
> > If you haven't seen it before, I'd recommend giving a look at the
> > "Efficient Group Key Signing Method" by Len Sassaman and Phil
> > Zimmermann, documented at http://sion.quickie.net/keysigning.txt
> > 
> > It cuts a lot of the tediousness out of a key signing involving more
> > than just a few people.
> 
> yep.  That's basically my plan. So far only ~14 people have sent me
> keys, so even bicycle chain won't take but a few minutes.  I'll email
> everyone who has sent keys, and fedora-devel, the instructions early
> next week for getting the plaintext list of keys, the keyring I've
> compiled from the sent fingerprints, the SHAx sums and the rest.

I've compiled the list of keys for the FUDCon keysigning.  These 20
are whom I have.  If you're not on this list, and still want to
participate, you may, details to follow.

pub  1024D/92F0FC09 2001-04-16 Matt Domsch <mdomsch at alum.mit.edu>
pub  1024D/BD113717 1997-09-19 Paul W. Frields <stickster at gmail.com>
pub  1024D/116521D9 2000-10-11 David Woodhouse (Insecure work key) <dwmw2 at redhat.com>
pub  1024D/93054260 2001-03-22 Tom Callaway (spot) <tcallawa at redhat.com>
pub  1024D/1728D29B 2007-12-15 Lee Lorentz (WB0TRA) <lee at wb0tra.no-ip.org>
pub  1024D/CCAF484E 2007-04-17 Ricky Zhou <ricky.zhou at gmail.com>
pub  1024D/99B1F444 2006-04-02 G. Wolfe Woodbury <ggw at wolves.durham.nc.us>
pub  1024D/7BB612C9 2001-06-02 Kevin Sonney (The Alchemist) <kevin at sonney.com>
pub  1024D/8929CFFC 2006-12-05 Chris Tyler <chris at tylers.info>
pub  1024D/ED00D312 2000-06-21 Douglas E. Warner <silfreed at silfreed.net>
pub  1536R/243A1329 1996-12-05 David Woodhouse <david at woodhou.se>
pub  1024D/2E3F0935 2007-05-29 Yaakov Nemoy <loupgaroublond at gmail.com>
pub  1024D/87EF16E8 2007-02-27 Tyler Owen <tyler.l.owen at gmail.com>
pub  1024D/7A47522D 2006-12-22 John Poelstra <poelcat at gmail.com>
pub  1024D/78688BF5 2002-10-03 Nalin Dahyabhai <nalin at dahyabhai.net>
pub  1024D/3B6A5B89 1999-09-16 Jack Neely <jjneely at ncsu.edu>
pub  2048R/BEAF0CE3 2006-07-04 Todd M. Zullinger <tmz at pobox.com>
pub  1024D/D74908ED 2007-12-31 Eric Harlan Christensen <eric at christensenplace.us>
pub  1024D/B05A59F7 2004-03-01 Dennis Gilmore <dennis at auroralinux.org>
pub  1024D/0D86AF59 2006-01-21 Jonathan Steffan (daMaestro) <jonathansteffan at gmail.com>

See the URL above for the process.  Before the keysigning, you _must_
download a copy of
  http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt
and verify that your key is correct on there.  You'll be asked at the
keysigning to confirm that your key is correct in that file.

Second, you must run both sha1sum and md5sum on the
fudcon-keysigning.txt file, and validate that it in fact matches:

http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.md5sum
0c799b9b70cf87e0039631e0cfd1586a  fudcon-keysigning.txt

http://domsch.com/linux/fedora/fudcon2008/fudcon-keysigning.txt.sha1sum
d3fa0cda1d77cde8608c2506e88cb3cd60764c43  fudcon-keysigning.txt

At the keysigning, I'll read these values.  Everyone confirms they
match, therefore we know your key as listed in the keyring is what
everyone expects it to be.  Then we each, in order, show our IDs for
everyone to validate, and then each person can decide if they want to
sign that person's key.

After the keysigning, you can use a tool like caff from the pgp-tools
package to sign each person's key and mail it to them.

I'll see you all next Saturday!

Thanks,
Matt

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux