Once again, we will be holding a PGP Key signing party at the IETF
meeting in Minneapolis. We have been scheduled to meet at 10:30pm on
the evening of Wednesday, November 12, 2003 in the Rochester room.
(Note that if the IETF Administration Plenary runs over, we will start
approximately 5 minutes *after* the Wednesday evening Plenary finishes.)
The procedure we will use is the following:
o People who wish to participate may do so in one of two ways. You may
bring slips of paper with your name, e-mail address, key-id, and key
fingerprint. (One way of generating this if using gpg is "gpg
--list-keys --fingerprint my_username(_at_)hostname") You should bring
enough for everyone who may attend; given recent attendance patterns,
between 50 and 100 should be plenty. (You can generally fit 10-12
strips containing your key fingerprint on a single sheet of paper, and
then cut out strips to hand out.)
o Alternatively, you may email an ASCII extract of their PGP public key
to <tytso(_at_)thunk(_dot_)org> by noon on Wednesday, November 12, 2003.
Please
include a subject line of "IETF PGP KEY", and please DO NOT
MIME-ENCRYPT your e-mail. Send it to me as plain text, and do NOT
base-64 encode things. (I will be running the entire mail folder file
through GPG, and PGP-keys that are base-64 encoded will get ignored
unless I take manual action to fix things. I will try do the manual
fixup, but I make no guarantees about catching all of them.)
The method of generating the ASCII extract under Unix is:
pgp -kxa my_email_address mykey.asc (pgp 2.6.2)
pgpk -xa my_email_address > mykey.asc (pgp 5.x)
gpg --export -a my_email_address > mykey.asc (gpg)
If you're using Windows or Macintosh, hopefully it will be Intuitively
Obvious (tm) using the GUI interface how to generate an ASCII armored
key that begins "-----BEGIN PGP PUBLIC KEY BLOCK-----".
o By 9pm on Wednesday, you will be able to fetch complete key ring
from the following URL with all of the keys that were submitted:
http://thunk.org/tytso/ietf-pgp/
o At 10:30pm, come prepared with the PGP Key fingerprint of your PGP
public key; we will have handouts with all of the key fingerprints of
the keys that people have mailed in.
o In turn, readers at the front of the room will recite people's keys;
as your key fingerprint is read, stand up, and at the end of reading
of your PGP key fingerprint, acknowledge that the fingerprint as read
was correct.
o Later that evening, or perhaps when you get home, you can sign the
keys corresponding to the fingerprints which you were able to verify
on the handout; note that it is advisable that you only sign keys of
people when you have personal knowledge that the person who stood up
during the reading of his/her fingerprint really is the person which
he/she claimed to be.
o Send the signed keys to the owners, and, optionally, to the PGP key
servers. Some poeple opt to NOT send the signed keys to the
keyservers, but rather choose to send them only to the e-mail address
on the key's userid, encrypted for that particular key. This tends to
ensures the validity of the e-mail address.
Note that you don't have to have a laptop with you; if you don't have
any locally trusted computing resources during the key signing party,
you can make notes on the handout, and on the strips of papers, and then
take these and sign the keys later.
- Ted