GPG Keysigning at FUDCon

[Matt Domsch]

On Wed, Jan 02, 2008 at 09:44:23PM -0500, Todd Zullinger wrote:
> Matt Domsch wrote:
> > I'm volunteering to run a GPG keysigning party at the FUDCon in
> > Raleigh in January.
> 
> And thank you for that Matt.  It should be fun.
> 
> > Keysignings are good ways to get to meet people face-to-face (with a
> > government-issued photo ID to boot!), and serves to extend the GPG
> > Web of Trust.
> >
> > http://barcamp.org/FUDConRaleigh2008
> >
> > for details on how to send me your keys beforehand.
> 
> Do you want folks to send you their keys or just their key info (the
> output of gpg --fingerprint)?  The wiki says send your key, but the
> command used won't send the key, just the key info.

gpg --fingerprint is fine - I'm pulling the keys themselves from the
public keyservers based on the fingerprint.  This makes sure the keys
get published at least once to the keyservers (and of course, to be of
benefit after the keysigning, they'll have to be published again.)
 
> If you haven't seen it before, I'd recommend giving a look at the
> "Efficient Group Key Signing Method" by Len Sassaman and Phil
> Zimmermann, documented at http://sion.quickie.net/keysigning.txt
> 
> It cuts a lot of the tediousness out of a key signing involving more
> than just a few people.

yep.  That's basically my plan. So far only ~14 people have sent me
keys, so even bicycle chain won't take but a few minutes.  I'll email
everyone who has sent keys, and fedora-devel, the instructions early
next week for getting the plaintext list of keys, the keyring I've
compiled from the sent fingerprints, the SHAx sums and the rest.

> I'd be glad to offer any help you might want in preparing for this.
> I've only helped organize a few key signings, but I've been using and
> following PGP for what seems like ages. :)

You bet - please keep me honest too. :-) 

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux