FST virtual key signing party on 2015-11-12

Eric Christensen sparks at fedoraproject.org
Thu Nov 5 15:57:08 UTC 2015


Next week we'll do our virtual key signing party using Bluejeans[0] during our 
normal meeting time.  We'll be using the Keysigning Party HOWTO[1] to help 
organize the event of which I'm leaning toward the Hash Based Method[2].

It's okay if you aren't comfortable using this method of keysigning but I did 
want to make this available as an option to help extend trust among FST 
members.

If you want to participate please send me your PGP/GPG key fingerprint via a 
signed and encrypted email to sparks at fedoraproject.org using my key 0x024BB3D1 
(fingerprint 097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1).  Please also 
make sure that your public key is available on the Fedora Key server[3].  When 
I receive your fingerprint I'll add you to an invitation list where you will 
receive a unique URL and passphrase to access the event.  This will hopefully 
improve the integrity of the event.  Each participant will need to bring some 
form of identification to the event.

After the event I would highly recommend using caff[4] to sign and distribute 
the signatures.  This tool encrypts the signature in an email which forces the 
recipient to prove they have access to not only the email address but also the 
key to obtain the signature.

Question?  Did I miss anything?  Reply now!  Otherwise, please send me your 
key fingerprints and we'll get this event going.

Thanks!

[0] Yeah, while not a FOSS solution, it at least supports Linux.  I really 
couldn't find a good FOSS solution for this but am open to suggestions in the 
future.
[1] 
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
[2] 
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#hash_based
[3] https://keys.fedoraproject.org/
[4] https://sparkslinux.wordpress.com/2014/06/21/signing-pgp-keys/

--Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/security-team/attachments/20151105/68dc34f2/attachment-0001.sig>


More information about the security-team mailing list