Next week we'll do our virtual key signing party using Bluejeans[0] during our
normal meeting time. We'll be using the Keysigning Party HOWTO[1] to help
organize the event of which I'm leaning toward the Hash Based Method[2].
It's okay if you aren't comfortable using this method of keysigning but I did
want to make this available as an option to help extend trust among FST
members.
If you want to participate please send me your PGP/GPG key fingerprint via a
signed and encrypted email to sparks(a)fedoraproject.org using my key 0x024BB3D1
(fingerprint 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1). Please also
make sure that your public key is available on the Fedora Key server[3]. When
I receive your fingerprint I'll add you to an invitation list where you will
receive a unique URL and passphrase to access the event. This will hopefully
improve the integrity of the event. Each participant will need to bring some
form of identification to the event.
After the event I would highly recommend using caff[4] to sign and distribute
the signatures. This tool encrypts the signature in an email which forces the
recipient to prove they have access to not only the email address but also the
key to obtain the signature.
Question? Did I miss anything? Reply now! Otherwise, please send me your
key fingerprints and we'll get this event going.
Thanks!
[0] Yeah, while not a FOSS solution, it at least supports Linux. I really
couldn't find a good FOSS solution for this but am open to suggestions in the
future.
[1]
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
[2]
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.h...
[3]
https://keys.fedoraproject.org/
[4]
https://sparkslinux.wordpress.com/2014/06/21/signing-pgp-keys/
--Eric