Re: pgp signing in van

Michael Richardson <mcr@sandelman.ca> Fri, 06 September 2013 17:19 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41B9511E82D7 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 10:19:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.229
X-Spam-Level:
X-Spam-Status: No, score=-2.229 tagged_above=-999 required=5 tests=[AWL=0.370, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16fueVZ8v0um for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 10:19:47 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3::184]) by ietfa.amsl.com (Postfix) with ESMTP id 090A011E82D8 for <ietf@ietf.org>; Fri, 6 Sep 2013 10:17:56 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5395620172; Fri, 6 Sep 2013 14:25:58 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 5A4F263AF0; Fri, 6 Sep 2013 13:17:44 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 460AC63848; Fri, 6 Sep 2013 13:17:44 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: IETF Disgust <ietf@ietf.org>
Subject: Re: pgp signing in van
In-Reply-To: <m2zjrq22wp.wl%randy@psg.com>
References: <m2zjrq22wp.wl%randy@psg.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Fri, 06 Sep 2013 13:17:44 -0400
Message-ID: <2309.1378487864@sandelman.ca>
Sender: mcr@sandelman.ca
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 17:19:51 -0000

I will be happy to participate in a pgp signing party.
Organized or not.

I suggest that an appropriate venue is during the last 15 minutes of the
newcomer welcome and the first 15 minutes of the welcome reception.

Because:
  1) the WG-chairs and IESG will all be there, and a web of trust
     still needs some significant good connectivity, and we already
     know each other rather well, without needing "ID"
     (I am not interested myself in verifying anyone's NSA^WGovernment
     identity. I don't trust that Certification Authority...)

  2) getting newbies on-board, meeting them well enough to sign
     their key seems like a good thing.

But, Randy, of what use is my signing your key, if you never use it?

I would happy to sign a key for a network personality who posts
signed message regularly to @ietf.org mailing lists.  I would simply give
them a nonce to sign.   (For awhile, I was convince sm@resistor.net,
whose full name I did not know until Orlando, was a gestalt network
identity...)

My key is still available via finger mcr@sandelman.ca, and root@sandelman.ca
is offline (I used to have a 286 in the corner), and has web of trust
signatures going back to 1994.
pub   1024R/B0C8713D 1994-11-08 <- it's a bit weak these days.
pub   2208R/FCA16F90 2006-10-10 <- new "modern" offline key.

We just put our GPG fingerprint into the MEMO part of a vcard,
http://zxing.appspot.com/generator/ or using qrencode
http://fukuchi.org/works/qrencode/index.html.en (in debian/ubuntu)

I suggest that perhaps this might be a useful way to exchange info:
   http://www.sandelman.ca/tmp/IMG_20130906_125920.jpg
one would take a picture of the other person with their QR code
and fingerprint.  It also just works to remember the names of new people!

(Sadly, I can't scan the QR code with my phone from the photo displayed
on my screen, but I can read the fingerprint)

Patrik has a blog post: http://stupid.domain.name/node/1323
that does exactly that.

ps: nice address book entry for ietf@ietf.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [