[tor-project] Key Signing Party! send your key DEADLINE Sept 29th

Mon Sep 24 16:18:00 UTC 2018

Hello people!

So, I will be hosting a Key Signing party in Mexico during the Tor Meeting.

Key signing parties should be called certificate verification parties
but we are conditioned by the interface, so we call it key signing.

Please send me your key on a signed email (unless is another kind of
key...), even if it is already in db.torproject.org. before Sept. 29th.

-------------------
DEADLINE Sept 29th.
-------------------

You also need to be present on the party to get signatures...

Lets verify and kill the MitM!

------------------------------------------------------------------
INSTRUCTIONS
------------------------------------------------------------------

Please don't participate of the party if you don't want public
signatures... it creates overhead and its very likely that somebody
will upload your key to the server with a new signature!

Make sure you have a 4096 bit RSA key. If not, generate a new one:
http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/

Make sure you follow the OpenPGP Best Practices:
https://riseup.net/en/security/message-security/openpgp/best-practices

You can get your key on a file called mynickname.asc by doing:

gpg --export --armor [your fingerprint]  mynickname.asc

You can also use this opportunity to add your OTR fingerprints, or other
services you may want to certify for the people attending.

For the OTR fingerprint, depending on your client:

Pidgin:  https://otr.cypherpunks.ca/help/fingerprint.php
Adium:   https://adium.im/help/pgs/AdvancedFeatures-OTREncryption.html
BitlBee: otr info
irssi:   /otr info

At the meeting: verify
======================

0. don't sign anything!

1. i will send the final file the day before, through the list

2. you can come with your laptop, or with a printed version of the file.

3. if you print the file, write the output of this command on the paper:

gpg --print-md sha256 fingerprint-verification-unverified.txt

4. read out the checksum and make sure everyone has the same file

5. create a copy of the file to make notes: % cp
fingerprint-verification-unverified.txt
fingerprint-verification-annotated.txt

6. everyone (silently): verify your fingerprint(s) and user ID(s) in the
document are correct

7. everyone (publically): identify yourself and verify that the
fingerprint(s) and user ID(s) are correct

8. everyone: fill in the checkboxes in
fingerprint-verification-annotated.txt: Fingerprint OK, ID OK

9. when done, sign the document:
gpg --detach-sign fingerprint-verification-annotated.txt

10. at home, sign the keys.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180924/65df566e/attachment.sig>