[77all] PGP Key Signing

IETF Secretariat <ietf-secretariat@ietf.org> Sun, 21 March 2010 03:51 UTC

Once again, we will be holding a PGP Key signing party at the 77th IETF
meeting in Anaheim. We have been scheduled to meet at 2000 on the evening
of Tuesday, March 23 in the Manhattan room.

In addition, we expect to have at least one CAcert assurer in attendance.
So, if you're interested in being assured, please feel free to join us.
For more info, see <http://wiki.cacert.org/FAQ/AssuranceByCAP>.  Of
course, if you are a CAcert assurer, we'd be happy to have your help.

The procedure we will use for the PGP signing is the following:

o People who wish to participate may do so in one of two ways. You may
bring slips of paper with your name, e-mail address, key-id, and key
fingerprint. (One way of generating this if using gpg is "gpg --list-keys
--fingerprint my_username@hostname") You should bring enough for everyone
who may attend; given recent attendance patterns, around 50 should be more
than enough. (You can generally fit 10-12 strips containing your key
fingerprint on a single sheet of paper, and then cut out strips to hand
out.)

o Alternatively, you may email an ASCII extract of your PGP public key
to <jhutz@cmu.edu> by noon on Tuesday, March 23. Please include a subject
line of "IETF PGP KEY", and please DO NOT MIME-ENCRYPT your e-mail; send
it to me as plain text.

The method of generating the ASCII extract under Unix is:

      pgp -kxa my_email_address mykey.asc (pgp 2.6.2)
      pgpk -xa my_email_address > mykey.asc (pgp 5.x)
      gpg --export -a my_email_address > mykey.asc (gpg)

If you're using Windows or Macintosh, hopefully it will be Intuitively
Obvious (tm) using the GUI interface how to generate an ASCII armored key
that begins "-----BEGIN PGP PUBLIC KEY BLOCK-----".

o By 1730 on Tuesday, you will be able to fetch the complete key ring from
any of the following locations with all of the keys that were submitted:

      /afs/grand.central.org/project/ietf-pgp/ietf77/ietf77.pgp
      http://grand.central.org/dl/ietf-pgp/ietf77/ietf77.pgp
      ftp://grand.central.org/pub/ietf-pgp/ietf77/ietf77.pgp

o At 2000, come prepared with the PGP Key fingerprint of your PGP public
key; we will have handouts with all of the key fingerprints of the keys
that people have mailed in.

o In turn, readers at the front of the room will recite people's keys; as
your key fingerprint is read, stand up, and at the end of reading of your
PGP key fingerprint, acknowledge that the fingerprint as read was correct.


o Later that evening, or perhaps when you get home, you can sign the keys
corresponding to the fingerprints which you were able to verify on the
handout; note that it is advisable that you only sign keys of people when
you have personal knowledge that the person who stood up during the
reading of his/her fingerprint really is the person who he/she claimed
to be.

o Send the signed keys to the owners, and, optionally, to the PGP key
servers. Some people opt to NOT send the signed keys to the keyservers,
but rather choose to send them only to the e-mail address on the key's
userid, encrypted for that particular key. This tends to ensure the
validity of the e-mail address.

Note that you don't have to have a laptop with you; if you don't have any
locally trusted computing resources during the key signing party, you can
make notes on the handout, and on the strips of papers, and then take
these and sign the keys later.

Acknowledgment: The bulk of the text of this message was taken from the
messages usually sent by Ted Ts'o to announce IETF key signing parties.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
 Sr. Research Systems Programmer
 School of Computer Science - Research Computing Facility
 Carnegie Mellon University - Pittsburgh, PA
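
The signing step above depends on each fingerprint confirmed in the room matching a primary key in the downloaded key ring. The script below is an added example, not part of the original message: it compares handout notes against a `gpg --with-colons` listing and refuses subkey fingerprints. The function names, file layout and sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Listing for real use:
#   gpg --no-default-keyring --keyring ./ietf77.pgp --with-colons --fingerprint
# check_verified LISTING HANDOUT: HANDOUT has one fingerprint per line (spaces
# and case ignored, "#" lines skipped). Prints "OK <fpr> <uid>" or
# "NOMATCH <fpr>"; exit status 1 if any fingerprint is not a primary key.
check_verified() {
    awk -F: '
        FILENAME == ARGV[1] {             # first file: the key ring listing
            if ($1 == "pub") { primary = 1; cur = ""; pu = $10 }  # gpg 1.x: uid is here
            else if ($1 == "sub") primary = 0       # ignore subkey fingerprints
            else if ($1 == "fpr" && primary) { cur = $10; uid[cur] = pu; primary = 0 }
            else if ($1 == "uid" && cur != "" && uid[cur] == "") uid[cur] = $10
            next
        }
        {                                 # second file: notes from the handout
            fp = toupper($0); gsub(/[ \t\r]/, "", fp)
            if (fp == "" || fp ~ /^#/) next
            if (fp in uid) print "OK", fp, uid[fp]
            else { print "NOMATCH", fp; bad = 1 }
        }
        END { exit bad }
    ' "$1" "$2"
}
# Constructed sample data, not real keys (one gpg 2.x-style and one 1.x-style key).
sample_listing() { cat <<'EOF'
pub:-:2048:1:89ABCDEF01234567:1262304000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1262304000::HASH::Alice Example <alice@example.org>:
sub:-:2048:1:1111111111111111:1262304000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:1024:17:76543210FEDCBA98:2010-01-01:::-:Bob Example <bob@example.org>::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}
sample_handout() { cat <<'EOF'
# fingerprints ticked on the handout (last digit of the second was misheard)
0123 4567 89ab cdef 0123  4567 89AB CDEF 0123 4567
FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA99
1111 1111 1111 1111 1111  1111 1111 1111 1111 1111
EOF
}
demo() {
    d=$(mktemp -d) || return 1
    sample_listing > "$d/l"; sample_handout > "$d/h"
    rc=0; check_verified "$d/l" "$d/h" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "Do not sign keys reported as NOMATCH."
```
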