Key signing party
Basics. Where: SB 279 When: Saturday, May 10, 2014 @ 13:00 - 17:30 What is a PGP keysigning party? A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each others keys. Key signing parties serve to extend the web of trust to a great degree. Key signing parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty, and even implementing encryption technologies or perhaps future work on free encryption software. How do I prepare for the party? You MUST send your PGP key to "Aaron Toponce <email@example.com>" by no later than May 9, 23:59. Aaron has to print out everyone's public key information before the party, and may not have access to a printer the day of the party. Set the subject to "My PGP key" when sending your email. Aaron Toponce has set email filters that will automatically send that email to a specific mailbox, so all the keys can be properly collected, without going to SPAM, or some other mailbox. What do I need to bring to the party? 1. Physical attendance is mandatory. 2. Positive photo identification. a. two forms of photo identification are recommended. b. at least one form should be government issued (passport, driver license, etc.). 3. A printout of your key ID, hex fingerprint, key size and key type. a. Run "gpg -K --fingerprint <your email>" from the command line. 4. Something to write with. If you bring a computer, please keep it in your bag and powered down during the party. This is for security measures to prevent the spread of malicious software, the misplacement of private keys, and damaged or misplaced equipment. What happens at the party? Aaron Toponce will be the party organizer, and will explain the method of the keysigning procedure to the group. Basically, it will proceed as follows: 1. Aaron will call out those who have emailed their key, one-by-one. 2. The person called then reads off their PGP key information. a. Everyone in the group verifies that the PGP key information is correct. b. This continues until all people have been verified. 3. Everyone then forms two equal lines, facing each other. a. PGP key information is identified. b. Photo identification is verified. What happens after the party? After the party has concluded, every attendee will go home, download the public keyring that Aaron Toponce will email to the attendees, and sign each key they have veirified at the party. Once each key is signed, the signed public key is then emailed to the user. Why hold PGP keysigning parties? There are three primary reasons to hold as many key signing parties as you possibly can. First, and perhaps most importantly, you should hold as many key signing parties as possible in order to expand the web of trust. The deeper and more tightly inter-linked the web of trust is, the more difficult it is to defeat. This is of special significance to the Free Software Community, for both developers and users alike. Members of the community rely upon PGP technology to cryptographically protect the integrity of their software packages, security advisories, and announcements. The strength and robustness of the web of trust is directly proportional to the strength of the protection PGP provides the community from security threats such as trojan horses, malware, viruses, and forged messages. Second, key signing parties help others get integrated into the security culture and encourage them to gain an understanding of PGP and related strong cryptography technologies. In order to get the benefits of strong cryptography, people must use strong cryptography, and use it properly. This requires a basic understanding of the underlying technology. It can be difficult for people new to computers and new to the free software culture to gain such an understanding. Introducing people who lack knowledge and skills in cryptography to individuals that have developed them can be very helpful to those trying to learn. It provides a great deal of value and benefits everyone. Finally, key signing parties help build communities. They help techies get together to get to know each other, network, and discuss important issues like civil liberties, cryptorights, and internet regulation. Discussion is important because discussion is not only the first step, but also the step before action. When I first wrote this document there were not very many complex webs of trust in the world. Things have dramatically improved, with more plentiful webs that are much deeper than they were a few years ago. However, it still remains the case that if you work to build a web of trust in your local area, it is very likely that the first participants in that web will be the leaders and policy setters of the internet community in your area. They are the individuals who can choose to build secure strong cryptographic technology and protocols into the local infrastructure if they so choose. The integration of such technology and protocols could make issues like the FBI's carnivore system and the National Security Agency's illegal domestic surveillance technologically infeasible and therefore moot.
– . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o