Mailing List Archive

HA Summit Key-signing Party (was: Organizing HA Summit 2015)
Hello cluster masters,

On 13/01/15 00:31 -0500, Digimer wrote:
> Any concerns/comments/suggestions, please speak up ASAP!

I'd like to throw a key-signing party as it will be a perfect
opportunity to build a web of trust amongst us.

If you haven't incorporated OpenPGP to your communication with the
world yet, I would recommend at least considering it, even more in
the post-Snowden era. You can use it to prove authenticity/integrity
of the data you emit (signing; not just for email as is the case
with this one, but also for SW releases and more), provide
privacy/confidentiality of interchanged data (encryption; again,
typical scenario is a private email, e.g., when you responsibly
report a vulnerability to the respective maintainers), or both.

In case you have no experience with this technology, there are
plentiful resources on GnuPG (most renowned FOSS implementation):
- https://www.gnupg.org/documentation/howtos.en.html
- http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
(preparation steps for a key-signing party)
- ...

To make the verification process as smooth and as little
time-consuming as possible, I would stick with a list-based method:
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
and volunteer for a role of a coordinator.


What's needed?
Once you have a key pair (and provided that you are using GnuPG), please
run the following sequence:

# figure out the key ID for the identity to be verified;
# IDENTITY is either your associated email address/your name
# if only single key ID matches, specific key otherwise
# (you can use "gpg -K" to select a desired ID at the "sec" line)
KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)

# export the public key to a file that is suitable for exchange
gpg --export -a -- $KEY > $KEY

# verify that you have an expected data to share
gpg --with-fingerprint -- $KEY

with IDENTITY adjusted as per the instruction above, and send me the
resulting $KEY file, preferably in a signed (or even encrypted[*]) email
from an address associated with that very public key of yours.

[*] You can find my public key at public keyservers:
http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
Indeed, the trust in this key should be ephemeral/one-off
(e.g., using a temporary keyring, not a universal one before we proceed
with the signing :)


Timeline?
Best if you send me your public keys before 2015-02-02. I will then
compile a list of the attendees together with their keys and publish
it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
so you can print it out and be ready for the party.

Thanks for your cooperation, looking forward to this side-event and
hope this will be beneficial to all involved.


P.S. There's now an opportunity to visit an exhibition of the Bohemian
Crown Jewels replicas directly in Brno (sorry, Google Translate only)
https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55

--
Jan
Re: [Pacemaker] HA Summit Key-signing Party
On 26/01/15 09:14 AM, Jan Pokorný wrote:
> Hello cluster masters,
>
> On 13/01/15 00:31 -0500, Digimer wrote:
>> Any concerns/comments/suggestions, please speak up ASAP!
>
> I'd like to throw a key-signing party as it will be a perfect
> opportunity to build a web of trust amongst us.
>
> If you haven't incorporated OpenPGP to your communication with the
> world yet, I would recommend at least considering it, even more in
> the post-Snowden era. You can use it to prove authenticity/integrity
> of the data you emit (signing; not just for email as is the case
> with this one, but also for SW releases and more), provide
> privacy/confidentiality of interchanged data (encryption; again,
> typical scenario is a private email, e.g., when you responsibly
> report a vulnerability to the respective maintainers), or both.
>
> In case you have no experience with this technology, there are
> plentiful resources on GnuPG (most renowned FOSS implementation):
> - https://www.gnupg.org/documentation/howtos.en.html
> - http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
> (preparation steps for a key-signing party)
> - ...
>
> To make the verification process as smooth and as little
> time-consuming as possible, I would stick with a list-based method:
> http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
> and volunteer for a role of a coordinator.
>
>
> What's needed?
> Once you have a key pair (and provided that you are using GnuPG), please
> run the following sequence:
>
> # figure out the key ID for the identity to be verified;
> # IDENTITY is either your associated email address/your name
> # if only single key ID matches, specific key otherwise
> # (you can use "gpg -K" to select a desired ID at the "sec" line)
> KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
>
> # export the public key to a file that is suitable for exchange
> gpg --export -a -- $KEY > $KEY
>
> # verify that you have an expected data to share
> gpg --with-fingerprint -- $KEY
>
> with IDENTITY adjusted as per the instruction above, and send me the
> resulting $KEY file, preferably in a signed (or even encrypted[*]) email
> from an address associated with that very public key of yours.
>
> [*] You can find my public key at public keyservers:
> http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
> Indeed, the trust in this key should be ephemeral/one-off
> (e.g., using a temporary keyring, not a universal one before we proceed
> with the signing :)
>
>
> Timeline?
> Best if you send me your public keys before 2015-02-02. I will then
> compile a list of the attendees together with their keys and publish
> it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
> so you can print it out and be ready for the party.
>
> Thanks for your cooperation, looking forward to this side-event and
> hope this will be beneficial to all involved.
>
>
> P.S. There's now an opportunity to visit an exhibition of the Bohemian
> Crown Jewels replicas directly in Brno (sorry, Google Translate only)
> https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55

=o, keysigning is a brilliant idea!

I can put the keys in the plan wiki, too.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
_______________________________________________
ha-wg-technical mailing list
ha-wg-technical@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/ha-wg-technical
Re: HA Summit Key-signing Party (was: Organizing HA Summit 2015)
> What's needed?
> Once you have a key pair (and provided that you are using GnuPG), please
> run the following sequence:
>
> # figure out the key ID for the identity to be verified;
> # IDENTITY is either your associated email address/your name
> # if only single key ID matches, specific key otherwise
> # (you can use "gpg -K" to select a desired ID at the "sec" line)
> KEY=$(gpg --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)

Oops, sorry, somehow '-k' got lost above ^. Correct version:

KEY=$(gpg -k --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)

> # export the public key to a file that is suitable for exchange
> gpg --export -a -- $KEY > $KEY
>
> # verify that you have an expected data to share
> gpg --with-fingerprint -- $KEY

--
Jan
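
Added example, not part of the thread: the key-ID pipeline above yields several IDs in $KEY when IDENTITY matches more than one key, the case its comment warns about. The sketch below refuses ambiguous matches and prints the primary fingerprint grouped for comparison with a printed list; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Input for both functions: colon-format listing on stdin, e.g. from
#   gpg -k --with-colons --with-fingerprint 'IDENTITY'

# Print the key ID only if exactly one "pub" record matched; otherwise fail
# (the plain grep|cut pipeline would put several IDs into $KEY).
select_key_id() {
    awk -F: '$1 == "pub" { n++; id = $5 }
             END { if (n != 1) exit 1; print id }'
}

# Print the primary-key fingerprint for key ID $1 (skips subkey "fpr" records).
fingerprint_for() {
    awk -F: -v id="$1" '
        $1 == "pub" { want = ($5 == id) }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print $10; found = 1; exit }
        END { exit !found }'
}

# Group a 40-digit fingerprint in fours, as printed on a key-signing list.
group4() { sed 's/..../& /g; s/ $//'; }

# Constructed sample listings (not real keys).
ONE_KEY='pub:u:4096:1:0123456789ABCDEF:1420070400:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:u::::1420070400::::Alice Example <alice@example.org>:
sub:u:4096:1:1111222233334444:1420070400::::::e:
fpr:::::::::9999888877776666555544441111222233334444:'
TWO_KEYS="$ONE_KEY
pub:u:2048:1:FEDCBA9876543210:1300000000:::u:::scESC:
fpr:::::::::0000111122223333444455FFFEDCBA9876543210:
uid:u::::1300000000::::Alice Example <alice@example.org>:"

for listing in "$ONE_KEY" "$TWO_KEYS"; do
    if KEY=$(printf '%s\n' "$listing" | select_key_id); then
        FPR=$(printf '%s\n' "$listing" | fingerprint_for "$KEY") || FPR=missing
        echo "key $KEY fingerprint: $(echo "$FPR" | group4)"
    else
        echo "identity matches no key or several; pass a specific key ID" >&2
    fi
done
```
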
Re: [Pacemaker] HA Summit Key-signing Party (was: Organizing HA Summit 2015)
On 26/01/15 15:14 +0100, Jan Pokorný wrote:
> Timeline?
> Best if you send me your public keys before 2015-02-02. I will then
> compile a list of the attendees together with their keys and publish
> it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
> so you can print it out and be ready for the party.
>
> Thanks for your cooperation, looking forward to this side-event and
> hope this will be beneficial to all involved.

Thanks for participating.

Please print out
https://people.redhat.com/jpokorny/keysigning/2015-ha/complete.html
(best in landscape format), prior to checking your fingerprints
there, indeed, prepare your ID document, and you are ready to proceed to
the signing event, which is currently planned on 2015-02-05 16:30 CET:
http://plan.alteeve.ca/index.php/Main_Page#Feb_5th
(I'll post an update should it change).

--
Jan
Re: [Pacemaker] HA Summit Key-signing Party
On 02/02/15 11:48 AM, Jan Pokorný wrote:
> On 26/01/15 15:14 +0100, Jan Pokorný wrote:
>> Timeline?
>> Best if you send me your public keys before 2015-02-02. I will then
>> compile a list of the attendees together with their keys and publish
>> it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
>> so you can print it out and be ready for the party.
>>
>> Thanks for your cooperation, looking forward to this side-event and
>> hope this will be beneficial to all involved.
>
> Thanks for participating.
>
> Please print out
> https://people.redhat.com/jpokorny/keysigning/2015-ha/complete.html
> (best in landscape format), prior to checking your fingerprints
> there, indeed, prepare your ID document, and you are ready to proceed to
> the signing event, which is currently planned on 2015-02-05 16:30 CET:
> http://plan.alteeve.ca/index.php/Main_Page#Feb_5th
> (I'll post an update should it change).

Will there be a printer available in the room/area of the summit? If so,
it might be good to set aside a bit of time to help people new to PGP
get set up before the actual key-signing.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?