Arrangements- Muli Ben Yehuda
Howdy, Penguin Lovers!
As announced before here and elsewhere, we will have a PGP key signing
party at the August Penguins event (this Friday, 0900, Tel Aviv
Cinemateque, more details at http://www.iglu.org.il/august/).
The key signing party will take place immediately after the movie, so
expect to stick around for a few more minutes. If you want to take
part, you need:
Here's what a key signing party looks like, from the GnuPG Keysigning
- to have a PGP public key/private key pair. I assume you already have
this, but if you don't, now's a great time to get one. There are
explanations on how to create one
to send me your public key and public key information, BY WEDNESDAY
NIGHT. This is because I need time to compile the list of
participating people and keys to distribute it to party goers.
gpg -a --export your_name should output your public key in armored
ascii mode. Send me this file, and the key information (ID, type, size
and hex fingerprint).
to bring with you a valid form of identification such as an ID card
or a driver's license. You also need to bring with you your key info
(key id, key type, key size and key hex fingerprint).
A centralized party would be a more organized affair which would work
well with small to medium numbers of people. The participants would
send their key information to the coordinator who would compile it
into a list. Each participant, upon arriving at the party, would be
given a copy of the key list. Each participant would then be called on
by the coordinator. The participant would then check their key
fingerprint against the fingerprint on the sheet that the coordinator
gave them. If the participant is sure that their key is the same as
the key on the sheet then the participant would read their fingerprint
aloud so that the other party participants can make sure they also
have the correct matching fingerprint. If they do in fact have the
correct matching fingerprint, they check it off on their sheet. This
is necessary to make sure that the coordinator has not made a mistake
in the generation of the sheet or has not slipped a sheet with faked
key information to one or more of the participants. After everyone has
checked off the participant's key, the coordinator then calls on the
next participant, and so on. After all of the keys have been verified,
the participants and coordinator are asked to form a long single file
line while holding their IDs in front of them. The person at the head
of the line walks down the line and checks each person's ID. If their
ID is correct and the person walking down the line has a check next to
the individual in the line's key verifying that they had said it was
their key at the beginning of the party, he places a second check mark
on his list. Once a key has two check marks it can be signed.
If you have any questions, don't hesitate to contact me. See y'all at
Outcomes- Yotam Rubin
This party involved the identity verification of
participants so their keys could be later signed by fellow participants.
Although not deprived of a procedural mishap, the party was completed with
9 verified identities. Soon after the gathering had terminated, people began
to sign each other's keys. As of now, there are 8 keys in this newly formed
keyring. I have posted
the keyring and other visual aids produced by sig2dot.pl and graphviz.
I hope that this keyring will continue to expand. The value of a
public keyring, where one may reliably confirm another's identity is not
only useful for the present, but possibly for the future as well, when the
government would want to explore digital id's and the like. Should there be
a large enough keyring, it's possible that government officials might lean
towards an open solution, rather than a proprietary one.
If anyone wants to hold a key signing party in Beer-Sheva and the vicinity,
please let me know.
Regards, Yotam Rubin
: Most people neglected to bring their key
fingerprints, which tends to decrease the reliability of the whole