1998 Atlanta Linux Showcase
PGP Key Signing.
The 1998 Atlanta Linux Showcase is including a key signing
Birds-of-a-Feather (BOF) session to further introduce PGP keys to Web
of Trust. Showcase attendees may meet others who wish to have their
keys signed and can confirm owner identities via face-to-face protocols
(e.g., checking driver's licences).
After confirming someone's identity and key fingerprint, you can
then properly sign their keys, so that others may not have to perform this
step before using that person's key, assuming the potential key user
trusts you to certify keys. This helps in the efficiency of using
public keys for various functions, since being able to know that a key
really belongs to the indicated owner is important.
To help setup this session, I need to know (via E-mail will be fine)
if you are interested in participating in this keysigning. To help speed
things along at the session, I will collect the public keys of interested
parties beforehand, and make them available on a keyring on my web server
(path to be announced later at the show).
I will bring listings of the keys on that keyring, along with the
key fingerprints of each. Each BOF attendee can then identify themselves
to the other attendees, and verify the correct fingerprint for their own
key (so that everyone can verify that the keyring does indeed have the
correct key for that person). Each person on the list will do this in
turn, until all keys owners have been positively identified (we may have to
negotiate on what is "good" ID for certain cases), and all fingerprints
are verified. After that is done, each attendee can pick up the keyring at
their leisure and sign the key or keys that they wish to sign.
If desired, everyone can send the signed keys back to me; I will
act as a clearinghouse, collect all the keys and signatures, and issue
a final keyring which has all keys with all the signatures. I can also
send the final collection to the public keyservers as well.
We will try to have a procedure available to take care of users who
did not know about the BOF before coming to the the Showcase or otherwise
couldn't send me a key beforehand. It may be more difficult to help these
users get signatures on their keys.
Please let me know if you have any questions or comments.
PGP keys should be mailed to pgpbof@ale.org. Questions or comments
should be E-Mailed to mhw@wittsend.com. If you will put a Subject: of
"Showcase Keysigning" in your message, that will help me process
it appropriately.
Note regarding PGP 5.x/6.x Diffie-Hellman keys... At this time, we
have not determined if the keysigning will be restricted to RSA keys only or
if well will make some attempt to include D-H keys. Your feedback is
important on this. Any keys (RSA or D-H) which are signed by D-H keys
can not be used by PGP 2.x or earlier or by Viacrypt PGP. Optimally,
everyone should use RSA keys to avoid compatibility problems. Use of
D-H keys for signing other keys should be limited to only other D-H keys.
Thank you!
Mike Warfield
mhw@wittsend.com
Last Modified: October 12, 1998 by Chris Farris
|