CCCKC Key signing party

[Joel Kershner]

Any one want to do a PGP/GNUPG key signing party?

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5E5A93BF406E228D

[Hal Gottfried]

Sure!

On Sep 23, 2012, at 3:15 PM, Joel Kershner <asmo...@cowtowncomputercongress.org> wrote:

Any one want to do a PGP/GNUPG key signing party?

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5E5A93BF406E228D

--
 
 

[Dave Dalton]

I'm up for that.   

As long as it is nothing like the last key party.....

Sent from my iPhone

--
 
 

[Hal Gottfried]

No Dave it isn't 1979 again ;) 

--
 
 

[ax0n]

Moi:

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xAFC722277144C09F 

This doesn't change the fact that I have a really hard time getting to the space any days, but especially Thursdays. This week, I'll be in the NYC 'burbs learning all about my favorite subject of all time: Sarbanes-Oxley.  #FFFFFFFFFFUUUUUUUUUU

--
 
 

[Paul Leonard]

Yeah, the last one of those required a shot of penicillin and a lot of soul searching. Also: the same thing for the key party.

paul

--
 
 

[Hal Gottfried]

Omg!

--
 
 

[James Costello]

And with this type of party, its a lot less awkward when you get your own key

--
 
 

[Hal Gottfried]

Wow! That is a good point!

--
 
 

[Joel Kershner]

Okay Hal, do we have anything on the calendar for Halloween?  How about A Halloween Key-signing party.  If not on Halloween how about the preceding or following weekend?  I can provide a ride to people who need one.

For those of you who don't know what this is: http://en.wikipedia.org/wiki/Key_signing_party
Step 1: Create a new PGP compatible Key pair.
Step 2: Upload your public key to MIT's PGP key site.
Step 3: Bring cards or slips of paper with your key ID number on it and your contact info (Name, email ...etc) .
* Note: Costumes should not obscure identity when asking people to sign your key.
* Note: I recommend a Sobriety test before signing keys - http://imgs.xkcd.com/comics/responsible_behavior.png
Step 4: Check, the persons identity via picture id's, careful scrutiny, nose print identification  ...etc then accept the persons card with their key ID on it.
Step 5: On a trusted computer, use your PGP program of choice to download the key ID's you have on your collection of cards and sign them with your private key.
Step 6: re-upload the signed key back to the website.

Check the website from time to time to see who has signed your key.

Sound like a plan?

[ax0n]

If you're using a Debian-derived Linux, the command-line GnuPG implementation of PGP comes pre-installed, as it's required for the package repository to work. I have a brief introduction to GnuPG's command line options and key signing here:

http://www.h-i-r.net/2009/03/gpg-part-1-key-management-key-signing.html 

--
 
 

[Joel Kershner]

http://www.gpg4win.org/
For windows users (be advised kleopatra and gpa tend to be flaky but they work)

And after a quick Google search: https://www.gpgtools.org/ (gpg tools for Mac OSX)

[Luis E. Rodriguez]

Dumb question. What is this for and how does it affect my day to day? So I can confirm people I exchange email with are who they say they are? I use Exchange server at work and gMail. How would it change?

Luis E. Rodriguez

Are you a Maker?

--
 
 

[Hal Gottfried]

Yes and you can use it for both

--
 
 

[ax0n]

Digitally signing a message allows others to know that you are who you say you are. You can send a message in plain text and the signature can be used by others to verify your identity as well as the integrity of the message. 

You can also send and receive encrypted messages which are almost impossible to crack.

The crux is that if you opt to use these technologies, it's best to use them 100% of the time. If you send 100 messages a week but only sign a few of them, no one will think twice when someone sends an illegitimate message that looks like it's from you that isn't digitally signed.

With encrypted messages, if only a small percentage of your messages are encrypted, then it stands to reason that the few encrypted messages contain sensitive information that you wish to be hidden.

Unfortunately, this level of encryption is somewhat reserved for cipherpunks and crypto nerds who are willing to put in the time and effort to configure and use it on a daily basis. 

--
 
 

[Paul Leonard]

I swear that no matter how I'm attired at such a party I promise that I won't be someone else for real. I mean, if you really want to look at my drivers license, I think we can arrange something because the picture isn't too bad.

Still, I probably won't be playing in that pool because I'm pretty sure that anyone who really really wants to know what I'm up to will find a way, with or without my knowledge or permission, and I don't generally like to be inconvenienced by pretend security. Although I suppose I can see cryptographically signing important documents, most of everything I say and do does not require that kind of authentication.

paul

--
 
 

[Hal Gottfried]

And how do we know that was really Paul who said that? I mean the real Paul may love encryption and be tied up in a basement with a dead cow somewhere.

--
 
 

[Paul Leonard]

You will never know, because we don't have mathematically absolute means to determine it. However the REAL Paul knows that you look up words in Words With Friends. :P

 

--
 
 

[Hal Gottfried]

Ah yes, you must be Paul or a ______ (uses app to look up word)

--