Keysigning Party @ Debconf4 2004

At Debconf4 in Porto Alegre, Brazil there will be an OpenPGP (pgp/gpg) keysigning party.

The party will be on Sunday, May 30th, at 21:00.

What is/Why keysigning?

A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each others keys. Key signing parties serve to extend the web of trust to a great degree. Key signing parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty, and even implementing encryption technologies or perhaps future work on free encryption software.

Please read section One of the GnuPG Keysigning Party HOWTO (note: we are doing the party slightly different, so the other chapters do not 100% apply).

How the Keysigning Will Happen

The Party will be conducted using Len Sassaman's Efficient Group Key Signing Method which is a protocal to do keysignings in a way that is faster than the way many people may be familiar with:

• If you intent to participate please send your ascii armored public key to ksp-dc4@yukidoke.org by Thursday, May 20th, 2004

  This deadline has now passed. If you haven't submitted your key yet, it's too late to get your key on the primary sheet. It's not, however, too late to participate altogether. Please find Mako at Debconf before the 30th and we can work out a way for you to participate.

• By Saturday, May 22st, you will be able to fetch both the complete keyring with all the keys that were submitted along with a text file giving the fingerprint of each key on the ring.
• At home, verify that the fingerprint of your key in ksp-dc4.txt is correct. Also compute the MD5 hash of ksp-dc4.txt. One way to do this is with md5sum invoked as follows:

  % md5sum ksp-dc4.txt

  or

  gpg --print-md md5 ksp-dc4.txt

  Just to be sure that you have no problems with the download, here is the MD5 hash as we have calculated it:

  MD5 = 7F 52 7B 3B E1 30 CE C3 40 7A FC C5 B8 55 F8 CF

  Note that this is just a hint - you must do the check yourself.

  I will also read the SHA1 hash, so you can calulate that too with sha1sum or gpg --print-md sha1).

• At Debconf, come with the hash you computed and a hardcopy of ksp-dc4.txt.
• A reader at the front of the room will recite the MD5 hash of ksp-dc4.txt. Verify that the hash recited matches what you computed. This guarantees that all participants are working from the same list of keys.
• In turn, each participant will stand and acknowledge that the fingerprint of his or her key listed is correct. Mark the key verified on your hardcopy. Since we already ensured that everybody has the same copy a simple statement like "yes, this information is correct" is sufficient.
• The next step is to verify each participant's identity by checking her passport or similar form of ID.
• Later that evening, or perhaps when you get home, you can sign the keys which you were able to verify hardcopy. After you signed a key send it to its owner together with your signature.

• ksp-dc4.txt - List of participants
• ksp-dc4.asc - participating keys

Summary: What to bring with you

• A printout of ksp-dc4.txt; check that your fingerprint is correct.
• The MD5 Hash you made of ksp-dc4.txt so that we can ensure we are all working with the same copy.
• Some form of government issued ID (passport or similar).
• If this is your first keysigning, a copy of this email and linked documents might be useful.

If you have questions please ask Benjamin Mako Hill <mako@debian.org>.

Special thanks goes goes to Peter Palfrader who provided the scripts and text used at Debconf3 and LinuxTag (2003 and 2004) whose reuse made putting together this keysigning easy and possible.

Relevant Information and Sources for More Information