Keysigning Oct 2002 B.A.D.

Mike Markley mike@markley.org
Mon, 30 Sep 2002 18:06:12 -0700 

On Mon, Sep 30, 2002 at 04:03:56AM -0700, Grant Bowman wrote:
> I don't know all that's involved in organizing a key signing.  
> If someone would like to organize a key signing I would appreciate it.
> I did find this document.
> 
>         http://people.debian.org/~jaqque/keysign.html

Basically, someone volunteers to gather the keys together and anyone who's
interested in getting their key signed brings their key ID and fingerprint,
along with photo ID. Your best bet is probably to print it out several times
on a sheet of paper, then tear the paper into individual bits. Business card
stock also works well for this purpose.

I hereby volunteer to gather the keys together. Send me your public key
(private email please) before, say, October 7 and I'll create the keyring
for this get-together. Please sign your mail so I can give some assurance
that the key belongs to the person I get the message from. I'll email a
reply back and expect a reply back to my reply (which may only prove that
the person masquerading as you has access to the email address on the key,
but that's about as much verification as can be expected under the
circumstances).

On October 8 I'll send everyone a list of what keys are on the keyring. You
can then print it out and bring it along, and check off each key as you see
the photo ID associated with it (confirm the person's identity). Afterwards,
send me your signatures and I'll add them to the keyring for the get-
together.

Just to make things fun and paranoid, I'll also email a secret word back to
everyone I get a key from, encrypted for that key. Bring me this secret word
at the get-together for maximum identify verification.

Of course this all hinges on me being trustworthy, but if you believe
otherwise you're free to organize your own deal ;). The tradeoff is less
hassle for the others in attendance -- everyone does not have to exchange a
secret word with everyone else. After the meeting I'll send out a list
confirming whose identity I confirmed. Then you can run down your list of
keys and sign those whose key has been confirmed by both you and I.

I hope this is sufficiently complicated for everyone :). I've never
organized such a thing before, so I am open to suggestions.

-- 
Mike Markley <mike@markley.org>
GPG: 0x3B047084 7FC7 0DC0 EF31 DF83 7313  FE2B 77A8 F36A 3B04 7084

Boy, life takes a long time to live.
- Steven Wright