Hello people!
So, I will be hosting a Key Signing party in Mexico during the Tor Meeting.
Key signing parties should be called certificate verification parties but we are conditioned by the interface, so we call it key signing.
Please send me your key on a signed email (unless is another kind of key...), even if it is already in db.torproject.org. before Sept. 29th.
------------------- DEADLINE Sept 29th. -------------------
You also need to be present on the party to get signatures...
Lets verify and kill the MitM!
------------------------------------------------------------------ INSTRUCTIONS ------------------------------------------------------------------
Please don't participate of the party if you don't want public signatures... it creates overhead and its very likely that somebody will upload your key to the server with a new signature!
Make sure you have a 4096 bit RSA key. If not, generate a new one: http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
Make sure you follow the OpenPGP Best Practices: https://riseup.net/en/security/message-security/openpgp/best-practices
You can get your key on a file called mynickname.asc by doing:
gpg --export --armor [your fingerprint] mynickname.asc
You can also use this opportunity to add your OTR fingerprints, or other services you may want to certify for the people attending.
For the OTR fingerprint, depending on your client:
Pidgin: https://otr.cypherpunks.ca/help/fingerprint.php Adium: https://adium.im/help/pgs/AdvancedFeatures-OTREncryption.html BitlBee: otr info irssi: /otr info
At the meeting: verify ======================
0. don't sign anything!
1. i will send the final file the day before, through the list
2. you can come with your laptop, or with a printed version of the file.
3. if you print the file, write the output of this command on the paper:
gpg --print-md sha256 fingerprint-verification-unverified.txt
4. read out the checksum and make sure everyone has the same file
5. create a copy of the file to make notes: % cp fingerprint-verification-unverified.txt fingerprint-verification-annotated.txt
6. everyone (silently): verify your fingerprint(s) and user ID(s) in the document are correct
7. everyone (publically): identify yourself and verify that the fingerprint(s) and user ID(s) are correct
8. everyone: fill in the checkboxes in fingerprint-verification-annotated.txt: Fingerprint OK, ID OK
9. when done, sign the document: gpg --detach-sign fingerprint-verification-annotated.txt
10. at home, sign the keys.
Ok, the time to join the keysigning party is over!
here is the file with the keys I have compiled.
---------------------------------------------------- PLEASE NOTE THAT THIS LIST HAS NOT BEEN VERIFIED YET ----------------------------------------------------
Before coming to the party, there are a couple of things you need to do:
* Download the attached file on your laptop and get this checksum number: gpg --print-md SHA256 ksp-file.txt
* Print the file if you rather don't come to the party with your computer, and write the checksum on your paper.
See you on the party!
On Sun, Sep 30, 2018 at 05:30:39PM -0400, Ian Goldberg wrote:
On Sun, Sep 30, 2018 at 02:12:00PM +0000, emma peel wrote:
Tuesday, October 2, 2018; 00:00
Is this really going to be at midnight? Hmm.
The wiki has the keysigning at 16:00 on Oct 2: https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Pu...
--Roger
tor-project@lists.torproject.org
-
emma peel -
Ian Goldberg -
Roger Dingledine