Michael C. Toren on 6 Feb 2007 17:32:50 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Books, and Keysigning at tomorrow's meeting


PLUG has received another shipment of books from Prentice Hall:

        - Moving to Ubuntu Linux

        - SELinux by Example

        - Linux Live CDs

        - Practical PHP and MySQL

        - Fedora Core6 Unleashed

        - Understanding AJAX

I won't be able to make the meeting tomorrow, but I'm giving them to
Toby to bring over and hand out.

Also, our speaker for this month, Matthew Rosewarne, has expressed
interest in having a keysigning at tomorrow's meeting.  If you'd like to
participate, please bring enough (10?) hardcopies of your fingerprint
("gpg --fingerprint your@email) to hand out to others, along with photo
identification you believe is sufficient for proving your identity.  The
keysigning procedure on the PLUG website is unfortunately out of date at
this point.  Recently, the procedure we've been following has simply been
similar to what is described at:

        http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#traditional

In brief, during the keysigning portion of the PLUG meeting:

        - To exchange keys with someone, give him a hardcopy of your key
          finger, along with your photo identification.

        - When someone gives you a hardcopy of his fingerprint and photo
          identification, determine to your satisfaction if the person
          appears to be who they claim to be.  If so, mark the hardcopy
          with your initials, and take it home with you.

And then when you get home, perhaps the easiest way to sign keys is:

        - Go through the list of hardcopy fingerprints you marked with
          your initials, and download a copy of the key to your keyring.

        - Use the caff(1) utility to mail an encrypted, signed copy of
          each UID on the key to the email address of the UID.  Do *not*
          yet add a signed copy of the key to your local keyring.

        - When you receive an encrypted email with a signed copy of your
          key from someone, import it ("gpg --import") in to your keyring,
          and publish your updated public key however you like -- most
          likely by re-uploading it to a keyserver.  I would also
          recommend mailing a copy of the key back to the person who sent
          it to you, so they can add it to their local keyring.
          
By using the caff utility, we can easily verify not only the photo
identification of an individual, but also their email address.  caff can
be found at http://pgp-tools.alioth.debian.org/, or in the Debian
signing-party package.

If anyone has any questions, please let me know.

Thanks,
-mct
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug