<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6619.12">
<TITLE>Keysigning</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><B><FONT FACE="Courier New">I recently received a request to sign someone's PGP/GPG key at the next meeting (seems they found "me" through biglumber, and I mentioned in the comments that I attend SGVLUG meetings...) Since getting signatures is (generally) deemed a good idea, I'd like to invite (remind) everyone to consider setting up a key and getting it signed (and sign everyone else's) at the meeting.</FONT></B></P>
<P><B><FONT FACE="Courier New">A really rough overview for those that wish to participate:</FONT></B>
</P>
<P><B><FONT FACE="Courier New"> 1) get a key </FONT></B>
<BR><B><FONT FACE="Courier New"> 1a) [optional, but recommended] place your PUBLIC key on a well-known server</FONT></B>
<BR><B><FONT FACE="Courier New"> 1b) [required] print your "fingerprint" and bring "several" copies to the meeting</FONT></B>
<BR><B><FONT FACE="Courier New"> [recommended: print onto blank business cards or several times (double spaced) on a page, then cut the page into strips] -- consider bringing at least 6 copies</FONT></B></P>
<P><B><FONT FACE="Courier New"> 1c) [alternate] if we get "enough" people interested in doing this at the next meeting (at least 15 people), we'll do it "list fashion", in which case you really only need 1 copy of your fingerprint. Please forward your ID and/or fingerprint to me by the 8th so I can prepare a list.</FONT></B></P>
<P><B><FONT FACE="Courier New"> 2) bring yourself and some plausible ID to the meeting</FONT></B>
</P>
<P><B><FONT FACE="Courier New"> 3a) informally: exchange "fingerprint slips" and check ID's; note which ones you trust </FONT></B>
<BR><B><FONT FACE="Courier New"> 3b) formal list: verify YOUR fingerprint is correct on your own list AND anyone else's list you exchange with; verify THEIR fingerprint is the same and correct on both lists; verify their ID (and determine your "trust" level of that ID)</FONT></B></P>
<P><B><FONT FACE="Courier New">AFTER the party</FONT></B>
</P>
<P><B><FONT FACE="Courier New"> 1) get THEIR key [from a keyserver or other means]</FONT></B>
<BR><B><FONT FACE="Courier New"> 2) review the FINGERPRINT of their key to ensure it matches what you have on their slip/the list</FONT></B>
<BR><B><FONT FACE="Courier New"> 3) SIGN their key with YOUR key</FONT></B>
</P>
<P><B><FONT FACE="Courier New"> 4a) IF the person who's key you just signed does NOT want that signature to be public, EXPORT the key to a file and return it in a secure fashion to that person [note: this should be rare...]</FONT></B></P>
<P><B><FONT FACE="Courier New"> 4b) IF you got their key from a server, SEND it back to the server with your signature now attached.</FONT></B>
</P>
<P><B><FONT FACE="Courier New">FULL details of this process can be found at </FONT></B>
<BR><B></B><A HREF="http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html"><B><U><FONT COLOR="#0000FF" FACE="Courier New">http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html</FONT></U></B></A><B></B>
</P>
<BR>
</BODY>
</HTML>