[74all] 74th IETF - PGP Key Signing

IETF Secretariat <ietf-secretariat@ietf.org> Sun, 22 March 2009 20:53 UTC

Return-Path: <wwwrun@core3.amsl.com>
X-Original-To: 74all@ietf.org
Delivered-To: 74all@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id A2D703A6C05; Sun, 22 Mar 2009 13:53:23 -0700 (PDT)
From: IETF Secretariat <ietf-secretariat@ietf.org>
To: IETF Announcement list <ietf-announce@ietf.org>
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0
Message-Id: <20090322205323.A2D703A6C05@core3.amsl.com>
Date: Sun, 22 Mar 2009 13:53:23 -0700 (PDT)
Cc: 74all@ietf.org
Subject: [74all] 74th IETF - PGP Key Signing
X-BeenThere: 74all@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Announcement Only List for All IETF 74 Attendees <74all.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/74all>, <mailto:74all-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/74all>
List-Post: <mailto:74all@ietf.org>
List-Help: <mailto:74all-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/74all>, <mailto:74all-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2009 20:53:23 -0000

Once again, we will be holding a PGP Key signing party at the 74th IETF
meeting in San Francisco. We have been scheduled to meet at 1820 on
the evening of Tuesday, March 24 in Franciscan A.

Our scheduled time slot on Tuesday evening is a departure from previous
IETF meetings, when we have held key signing sessions on Wednesdays.
Changes in the IETF meeting agenda have reduced the length of the break
before the Wednesday plenary and make it impractical to hold a key-signing
session during that time.  Our scheduled slot is 40 minutes on Tuesday
evening, between the end of the last meeting session and the start of the
social event.  We should be done in plenty of time for participants to
attend the social event or find dinner elsewhere.

The procedure we will use is the following:

o People who wish to participate may do so in one of two ways. You may
 bring slips of paper with your name, e-mail address, key-id, and key
 fingerprint. (One way of generating this if using gpg is "gpg
 --list-keys --fingerprint my_username@hostname") You should bring
 enough for everyone who may attend; given recent attendance patterns,
 around 50 should be more than enough. (You can generally fit 10-12
 strips containing your key fingerprint on a single sheet of paper, and
 then cut out strips to hand out.)

o Alternatively, you may email an ASCII extract of their PGP public key
 to <jhutz@cmu.edu> by noon on Tuesday, March 24. Please include
 a subject line of "IETF PGP KEY", and please DO NOT MIME-ENCRYPT your
 e-mail; send it to me as plain text.

 The method of generating the ASCII extract under Unix is:

       pgp -kxa my_email_address mykey.asc (pgp 2.6.2)
       pgpk -xa my_email_address > mykey.asc (pgp 5.x)
       gpg --export -a my_email_address > mykey.asc (gpg)

 If you're using Windows or Macintosh, hopefully it will be Intuitively
 Obvious (tm) using the GUI interface how to generate an ASCII armored
 key that begins "-----BEGIN PGP PUBLIC KEY BLOCK-----".

o By 1500 on Tuesday, you will be able to fetch complete key ring
 from any of the following locations with all of the keys that were


o At 1820, come prepared with the PGP Key fingerprint of your PGP
 public key; we will have handouts with all of the key fingerprints of
 the keys that people have mailed in.

o In turn, readers at the front of the room will recite people's keys;
 as your key fingerprint is read, stand up, and at the end of reading
 of your PGP key fingerprint, acknowledge that the fingerprint as read
 was correct.

o Later that evening, or perhaps when you get home, you can sign the
 keys corresponding to the fingerprints which you were able to verify
 on the handout; note that it is advisable that you only sign keys of
 people when you have personal knowledge that the person who stood up
 during the reading of his/her fingerprint really is the person which
 he/she claimed to be.

o Send the signed keys to the owners, and, optionally, to the PGP key
 servers. Some people opt to NOT send the signed keys to the
 keyservers, but rather choose to send them only to the e-mail address
 on the key's userid, encrypted for that particular key. This tends to
 ensures the validity of the e-mail address.

Note that you don't have to have a laptop with you; if you don't have
any locally trusted computing resources during the key signing party,
you can make notes on the handout, and on the strips of papers, and then
take these and sign the keys later.

Acknowledgment: The bulk of the text of this message was taken from the
messages usually sent by Ted Ts'o to announce IETF key signing parties.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA