[LCA2015-Chat] keysigning party

Delan Azabani delan at azabani.com
Wed Jan 14 22:50:25 EST 2015

Just a quick hint for the paranoid, which I didn't realise until it
was pointed out to me today:

Do not push someone else's key — which you've just signed — to any
public key server yourself. Export the newly signed key, encrypt it
with said public key, and send it to the listed email addresses.

Both caff and gcaff provide this functionality automatically.

When you receive your signed and encrypted public key from someone
else, you should then decrypt it, import it, and send it to a public
key server of your choice. I like pgp.mit.edu, but any one will do,
as public key servers tend to propagate keys among each other.

This is a crucial final piece in the trust puzzle, because:

a) It proves that the person can actually receive email at the email
addresses listed in their public key's uid fields, and

b) It proves that the person actually possesses the corresponding
private keys which are paired with their alleged public keys.

While there wasn't any obvious evidence of foul play yesterday, please
follow this to avoid any possible misconduct.

On Wed, Dec 17, 2014 at 11:36 PM, Aníbal Monsalve Salazar
<anibal at debian.org> wrote:
> On Tue, 2014-12-16 21:20:32 +1300, Lin Nah wrote:
>> On Tue, Dec 16, 2014 at 8:40 PM, Fraser Tweedale <frase at frase.id.au> wrote:
>>> I will facilitiate a keysigning party during linux.conf.au 2015.
>>> Date and details will be sorted out in coming weeks but in the
>>> meantime please submit your keys at https://frase.id.au/lca2015 .
>> FYI Daniel Sobey started this page on the lca2015 wiki.
>> https://linux.conf.au/wiki/keysigning
>> P.S. a plug for my graphical OpenPGP signing assistant, gcaff:
>>>      https://github.com/frasertweedale/gcaff
> Hello Fraser,
> May I suggest to include *only* 4K (or larger) RSA keys for the LCA2015
> keysigning party?
> For the keysigning party during DebConf 2014 in Portland, we decided to
> not accept DSA keys, as they are now considered weak.
> http://plog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html
> The webpage above describe some maths about two DSA attacks. The one
> below is about best practices for your key,
> https://help.riseup.net/en/security/message-security/openpgp/best-practices
> Cheers,
> Aníbal
> _______________________________________________
> Chat mailing list
> Chat at lists.lca2015.linux.org.au
> http://lists.lca2015.linux.org.au/mailman/listinfo/chat

More information about the Chat mailing list