Get news?
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
About
Contact Want to help?
|
Get news?
|
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
About
Contact |
Want to help?
|
|
 15th International Linux System Technology Conference 7.10.-10.10.2008 at the University of Hamburg, Germany |
|
|
Home
Program
Abstracts
Sponsoring
Fees
Location/Accomodation
Key signing party
Call for Papers |
This years key signing party will be organized and sponsored by DFN-CERT
– the provider of security services for the German research
network, i.e. universities and other government institutions.
The PGP key signing party will take place at Linux-Kongress 2008.
We have been scheduled to meet at 6:15pm on Thursday, October 9,
2008 in auditorium 1 (H1 after Heinz Mauelshagen's talk)
People who wish to participate should e-mail an ASCII extract of their PGP public key to lk2008-keys@dfn-cert.de by October 8, 2008.
Please include a subject line of "LK 2008 PGP KEY", and please do
not sign or encrypt your e-mail.
The method of generating the ASCII extract is:
gpg --export -a my_email_address > mykey.asc (GnuPG)
pgp -kxa my_email_address mykey.asc (pgp 2.6.2)
By Thursday, October 9, you will be able to fetch both
the complete key ring with all the keys that were submitted along
with a text file giving the fingerprint of each key on the ring.
These files will be found here (pull files on date above, not earlier):
http://www.linux-kongress.org/2008/keysigning/lk2008.gpg http://www.linux-kongress.org/2008/keysigning/lk2008.txt
Verify that the fingerprint of your key in lk2008.txt is correct. Also compute the MD5 and SHA1 hash of lk2008.txt. One way to do this is with md5sum invoked as follows:
% md5sum lk2008.txt <some large hex number> % sha1sum lk2008.txt <some even larger hex number>Just to be sure that you had no problems with the download, the MD5 and SHA1 hash will be published at http://www.linux-kongress.org/2008/keysigning/hash.txt. Note, that this is just a hint – you must do the check yourself.
Bring the hash you computed, a hard copy of lk2008.txt (we will provide printouts at the event in case you can't print it out before you leave to Hamburg), your identity card (official one, issued by a government institution) and a pencil to the event.
A reader at the front of the room will recite the MD5 hash of lk2008.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.
In turn, each participant will stand up and acknowledge that the fingerprint of his or her key listed is correct. Mark the key verified on your hard copy using the box with the square brackets. The identity card will also be passed around and you should match the image with the actual person; if they match you should mark that corresponding user ID fields using the box with the round parenthesis.
Later that evening, or perhaps when you get home, you can sign the keys corresponding to the fingerprints which you were able to verify on the hard copy; note that it is advisable that you only sign keys of people when you have personal knowledge that the person who stood up during the reading of his/her fingerprint really is the person which he/she claimed to be. This is the reason we provide the check boxes left to the user IDs.
Note that you don't have to have a laptop with you; if you don't have any locally trusted computing resources during the key signing party, you can make notes on the hard copy, and then take the hard copy home and sign the keys later.
Any questions regarding the key signing party, addresse please to DFN-CERT, dfnpca < at > dfn-cert.de
| Comments or Questions? Mail to contact@linux-kongress.org | Last change: 2008-10-03 |