Michael C. Toren on 6 Feb 2007 17:32:50 -0000 |
PLUG has received another shipment of books from Prentice Hall: - Moving to Ubuntu Linux - SELinux by Example - Linux Live CDs - Practical PHP and MySQL - Fedora Core6 Unleashed - Understanding AJAX I won't be able to make the meeting tomorrow, but I'm giving them to Toby to bring over and hand out. Also, our speaker for this month, Matthew Rosewarne, has expressed interest in having a keysigning at tomorrow's meeting. If you'd like to participate, please bring enough (10?) hardcopies of your fingerprint ("gpg --fingerprint your@email) to hand out to others, along with photo identification you believe is sufficient for proving your identity. The keysigning procedure on the PLUG website is unfortunately out of date at this point. Recently, the procedure we've been following has simply been similar to what is described at: http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#traditional In brief, during the keysigning portion of the PLUG meeting: - To exchange keys with someone, give him a hardcopy of your key finger, along with your photo identification. - When someone gives you a hardcopy of his fingerprint and photo identification, determine to your satisfaction if the person appears to be who they claim to be. If so, mark the hardcopy with your initials, and take it home with you. And then when you get home, perhaps the easiest way to sign keys is: - Go through the list of hardcopy fingerprints you marked with your initials, and download a copy of the key to your keyring. - Use the caff(1) utility to mail an encrypted, signed copy of each UID on the key to the email address of the UID. Do *not* yet add a signed copy of the key to your local keyring. - When you receive an encrypted email with a signed copy of your key from someone, import it ("gpg --import") in to your keyring, and publish your updated public key however you like -- most likely by re-uploading it to a keyserver. I would also recommend mailing a copy of the key back to the person who sent it to you, so they can add it to their local keyring. By using the caff utility, we can easily verify not only the photo identification of an individual, but also their email address. caff can be found at http://pgp-tools.alioth.debian.org/, or in the Debian signing-party package. If anyone has any questions, please let me know. Thanks, -mct ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|