[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-team] 45th IETF: PGP Key Signing (fwd)



Pour ceux qui sont dans le coin 8-)

---------- Forwarded message ----------
Date: Wed, 23 Jun 1999 15:25:43 -0400
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: IETF-Announce:  ;
Subject: 45th IETF: PGP Key Signing

Once again, we will be holding a PGP Key signing party at the IETF
meeting in Oslo.

We have been scheduled to meet at 10:30 PM on Wendesday evening.


The procedure we will use is the following:

o People who wish to participate should email an ASCII extract (i.e.,
  the output of "pgpk -xa my-email@address" if you're using pgp 5.x or
  "pgp -kxa my-email@address" if you're using pgp 2.x) of their PGP
  public key to <tytso@mit.edu> by noon on *Tuesday* of the week of the
  IETF meeting. Please include a subject line of "IETF PGP KEY".

  Sending your key to me before the IETF meeting is appreciated, since
  it reduces the number of keys that I have to collect during the
  meeting. (In fact, why don't you send me your key right now if you
  know will be attending, so you won't forget?)

o By 6pm on Wednesday, you will be able to obtain a complete key ring
  with all of the keys that were submitted; they will be made available
  at:

	http://web.mit.edu/tytso/www/ietf5.pgp	
			(for all keys in a PGP 5.x keyring)
  and

	http://web.mit.edu/tytso/www/ietf2.pgp	
			(for PGP 2.x only keys in a PGP 2.x keyring)
	

o At 10:30pm, come prepared with the PGP Key fingerprint of your PGP
  public key; we will have handouts with all of the key fingerprints of
  the keys that people have mailed in.

o In turn, readers at the front of the room will recite people's keys;
  as your key fingerprint is read, stand up, and at the end of reading
  of your PGP key fingerprint, acknowledge that the fingerprint as read
  was correct.

o Later that evening, or perhaps when you get home, you can sign the
  keys corresponding to the fingerprints which you were able to verify
  on the handout; note that it is advisable that you only sign keys of
  people when you have personal knowledge that the person who stood up
  during the reading of his/her fingerprint really is the person which
  he/she claimed to be.

o Submit the keys you have signed to the PGP keyservers. A good one to
  use is the one at MIT: simply send mail containing the ascii armored
  version of your PGP public key to <pgp@pgp.mit.edu>.

Note that you don't have to have a laptop with you; if you don't have
any locally trusted computing resources during the key signing party,
you can make notes on the handout, and then take the handout home and
sign the keys later.

          - Ted

-----------------------
----------------------------------------------------------
Alexandre J.D. Dulaunoy  | Type bits/keyID (PGP Pub Key) |       
adulau@unix.be.EU.org    | pub  1024/4165497C		 |
_____________ (aka) AD993-RIPE/AD4384-DARPA ______________
  "Anyone who attempts to generate random numbers by 
     deterministic means is, of course, living in a
          state of sin." -- John von Neumann
----------------------------------------------------------


---------
This message was sent by Majordomo 1.94.3. Please report problems to
manu@rtfm.be. If you want to be deleted from the list, send a mail to
majordomo@rtfm.be with "unsubscribe linux-team" in the body.