FST virtual key signing party on 2015-11-12

David Cafaro dac at cafaro.net
Thu Nov 5 16:03:04 UTC 2015


On 11/05/2015 10:57 AM, Eric Christensen wrote:
> Next week we'll do our virtual key signing party using Bluejeans[0] during our 
> normal meeting time.  We'll be using the Keysigning Party HOWTO[1] to help 
> organize the event of which I'm leaning toward the Hash Based Method[2].
>
> It's okay if you aren't comfortable using this method of keysigning but I did 
> want to make this available as an option to help extend trust among FST 
> members.
>
> If you want to participate please send me your PGP/GPG key fingerprint via a 
> signed and encrypted email to sparks at fedoraproject.org using my key 0x024BB3D1 
> (fingerprint 097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1).  Please also 
> make sure that your public key is available on the Fedora Key server[3].  When 
> I receive your fingerprint I'll add you to an invitation list where you will 
> receive a unique URL and passphrase to access the event.  This will hopefully 
> improve the integrity of the event.  Each participant will need to bring some 
> form of identification to the event.
>
> After the event I would highly recommend using caff[4] to sign and distribute 
> the signatures.  This tool encrypts the signature in an email which forces the 
> recipient to prove they have access to not only the email address but also the 
> key to obtain the signature.
>
> Question?  Did I miss anything?  Reply now!  Otherwise, please send me your 
> key fingerprints and we'll get this event going.
>
> Thanks!
>
> [0] Yeah, while not a FOSS solution, it at least supports Linux.  I really 
> couldn't find a good FOSS solution for this but am open to suggestions in the 
> future.
> [1] 
> http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
> [2] 
> http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#hash_based
> [3] https://keys.fedoraproject.org/
> [4] https://sparkslinux.wordpress.com/2014/06/21/signing-pgp-keys/

Hi Eric,

Great idea, but I do have problems with the ID part.  Given this is a
video solution which could be recorded and replayed by others, I'm
unable to show my legal ID in such a way it could be copied and used for
identity theft.  I could possibly show it in a redacted form, if that
was acceptable (hiding key pieces of information such as address,
birth, ID number, etc.).

Thanks,
David


