NANOG 32 PGP key signing
John Kristoff
jtk at northwestern.edu
Tue Oct 5 14:48:09 UTC 2004
On Tue, 5 Oct 2004 13:58:55 +0100
Jonathan McDowell <noodles at earth.li> wrote:
> > <http://www.nanog.org/pgp.html>
> There doesn't seem to be a lot of emphasis on identity verification
> according to this page. It only says "You might want to bring photo id
[...]
> http://sion.quickie.net/keysigning.txt
Thanks for the feedback. Other than a few minor host and link details
I don't think that page has changed much over the last few meetings.
I'll suggest some wording changes to the NANOG support folks offlist.
In the meantime I've included the above link and the GnuPG Keysigning
Party HOWTO document as notes to the event listing:
<https://www.biglumber.com/x/web?ev=16478>
In the past we've had each key fingerprint read off so participants
can verify they have the correct signature. Len's method is certianly
faster, which most people would probably appreciate. However, we often
have a lot of last minute participants, which means ensuring everyone
is on the list and everyone has their own hard copy of the list with the
correct md5/sha1 hash may be a problem.
If no one has any major complaints, we can use Len's method for those
who get their keys into the keyring on biglumber a few working days
before the meeting. That will give early participants time to bring
their own hard copy of the list and make verification for those keys
go that much faster for those who are planning ahead.
Keys submitted after that period and up to 6:00 p.m. on Monday can be
verified as we've always done, with each fingerprint being read and
verified in front of the group or between individuals. This means two
lists. One for Len's method and another for late participants (it'll
include all keys for completeness).
John
More information about the NANOG
mailing list