FST virtual key signing party on 2015-11-12
dac at cafaro.net
Thu Nov 5 16:03:04 UTC 2015
On 11/05/2015 10:57 AM, Eric Christensen wrote:
> Next week we'll do our virtual key signing party using Bluejeans during our
> normal meeting time. We'll be using the Keysigning Party HOWTO to help
> organize the event of which I'm leaning toward the Hash Based Method.
> It's okay if you aren't comfortable using this method of keysigning but I did
> want to make this available as an option to help extend trust among FST
> If you want to participate please send me your PGP/GPG key fingerprint via a
> signed and encrypted email to sparks at fedoraproject.org using my key 0x024BB3D1
> (fingerprint 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1). Please also
> make sure that your public key is available on the Fedora Key server. When
> I receive your fingerprint I'll add you to an invitation list where you will
> receive a unique URL and passphrase to access the event. This will hopefully
> improve the integrity of the event. Each participant will need to bring some
> form of identification to the event.
> After the event I would highly recommend using caff to sign and distribute
> the signatures. This tool encrypts the signature in an email which forces the
> recipient to prove they have access to not only the email address but also the
> key to obtain the signature.
> Question? Did I miss anything? Reply now! Otherwise, please send me your
> key fingerprints and we'll get this event going.
>  Yeah, while not a FOSS solution, it at least supports Linux. I really
> couldn't find a good FOSS solution for this but am open to suggestions in the
>  https://keys.fedoraproject.org/
>  https://sparkslinux.wordpress.com/2014/06/21/signing-pgp-keys/
Great idea, but I do have problems with the ID part. Given this is a
video solution which could be recorded and replayed by others, I'm
unable to show my legal ID in such a way it could be copied and used for
identity theft. I could possibly show it in a redacted form, if that
was acceptable (hiding key pieces of information such as, address,
birth, id number, etc...).
More information about the security-team