Key signing party

Basics.
    Where: SB 279
    When: Saturday, May 10, 2014 @ 13:00 - 17:30

What is a PGP keysigning party?
    A key signing party is a get-together of people who use the PGP encryption
    system with the purpose of allowing those people to sign each others keys.
    Key signing parties serve to extend the web of trust to a great degree. Key
    signing parties also serve as great opportunities to discuss the political
    and social issues surrounding strong cryptography, individual liberties,
    individual sovereignty, and even implementing encryption technologies or
    perhaps future work on free encryption software.

How do I prepare for the party?
    You MUST send your PGP key to "Aaron Toponce <aaron.toponce@gmail.com>" by
    no later than May 9, 23:59. Aaron has to print out everyone's public key
    information before the party, and may not have access to a printer the day
    of the party.

    Set the subject to "My PGP key" when sending your email. Aaron Toponce has
    set email filters that will automatically send that email to a specific
    mailbox, so all the keys can be properly collected, without going to SPAM,
    or some other mailbox.

What do I need to bring to the party?
    1. Physical attendance is mandatory.
    2. Positive photo identification.
        a. two forms of photo identification are recommended.
        b. at least one form should be government issued (passport, driver
        license, etc.).
    3. A printout of your key ID, hex fingerprint, key size and key type.
        a. Run "gpg -K --fingerprint <your email>" from the command line.
    4. Something to write with.

    If you bring a computer, please keep it in your bag and powered down during
    the party. This is for security measures to prevent the spread of malicious
    software, the misplacement of private keys, and damaged or misplaced
    equipment.

What happens at the party?
    Aaron Toponce will be the party organizer, and will explain the method of
    the keysigning procedure to the group. Basically, it will proceed as
    follows:

    1. Aaron will call out those who have emailed their key, one-by-one.
    2. The person called then reads off their PGP key information.
        a. Everyone in the group verifies that the PGP key information is
           correct.
        b. This continues until all people have been verified.
    3. Everyone then forms two equal lines, facing each other.
        a. PGP key information is identified.
        b. Photo identification is verified.

What happens after the party?
    After the party has concluded, every attendee will go home, download the
    public keyring that Aaron Toponce will email to the attendees, and sign
    each key they have veirified at the party. Once each key is signed, the
    signed public key is then emailed to the user.

Why hold PGP keysigning parties?
    There are three primary reasons to hold as many key signing parties as you
    possibly can.

    First, and perhaps most importantly, you should hold as many key signing
    parties as possible in order to expand the web of trust. The deeper and
    more tightly inter-linked the web of trust is, the more difficult it is to
    defeat. This is of special significance to the Free Software Community, for
    both developers and users alike. Members of the community rely upon PGP
    technology to cryptographically protect the integrity of their software
    packages, security advisories, and announcements. The strength and
    robustness of the web of trust is directly proportional to the strength of
    the protection PGP provides the community from security threats such as
    trojan horses, malware, viruses, and forged messages.

    Second, key signing parties help others get integrated into the security
    culture and encourage them to gain an understanding of PGP and related
    strong cryptography technologies. In order to get the benefits of strong
    cryptography, people must use strong cryptography, and use it properly.
    This requires a basic understanding of the underlying technology. It can be
    difficult for people new to computers and new to the free software culture
    to gain such an understanding. Introducing people who lack knowledge and
    skills in cryptography to individuals that have developed them can be very
    helpful to those trying to learn. It provides a great deal of value and
    benefits everyone.

    Finally, key signing parties help build communities. They help techies get
    together to get to know each other, network, and discuss important issues
    like civil liberties, cryptorights, and internet regulation. Discussion is
    important because discussion is not only the first step, but also the step
    before action. When I first wrote this document there were not very many
    complex webs of trust in the world. Things have dramatically improved, with
    more plentiful webs that are much deeper than they were a few years ago.
    However, it still remains the case that if you work to build a web of trust
    in your local area, it is very likely that the first participants in that
    web will be the leaders and policy setters of the internet community in
    your area. They are the individuals who can choose to build secure strong
    cryptographic technology and protocols into the local infrastructure if
    they so choose. The integration of such technology and protocols could make
    issues like the FBI's carnivore system and the National Security Agency's
    illegal domestic surveillance technologically infeasible and therefore
    moot.