[Pacemaker] HA Summit Key-signing Party
Michael Schwartzkopff
ms at sys4.de
Mon Jan 26 16:00:20 CET 2015
On Monday, 26 January 2015, 09:17:24, Digimer wrote:
> On 26/01/15 09:14 AM, Jan Pokorný wrote:
> > Hello cluster masters,
> >
> > On 13/01/15 00:31 -0500, Digimer wrote:
> >> Any concerns/comments/suggestions, please speak up ASAP!
> >
> > I'd like to throw a key-signing party as it will be a perfect
> > opportunity to build a web of trust amongst us.
> >
> > If you haven't incorporated OpenPGP to your communication with the
> > world yet, I would recommend at least considering it, even more in
> > the post-Snowden era. You can use it to prove authenticity/integrity
> > of the data you emit (signing; not just for email as is the case
> > with this one, but also for SW releases and more), provide
> > privacy/confidentiality of interchanged data (encryption; again,
> > typical scenario is a private email, e.g., when you responsibly
> > report a vulnerability to the respective maintainers), or both.
> >
> > In case you have no experience with this technology, there are
> > plentiful resources on GnuPG (most renowned FOSS implementation):
> > - https://www.gnupg.org/documentation/howtos.en.html
> > - http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
> >   (preparation steps for a key-signing party)
> >
> > - ...
> >
> > To make the verification process as smooth and as little
> > time-consuming as possible, I would stick with a list-based method:
> > http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
> > and volunteer for a role of a coordinator.
> >
> >
> > What's needed?
> > Once you have a key pair (and provided that you are using GnuPG), please
> > run the following sequence:
> > # figure out the key ID for the identity to be verified;
> > # IDENTITY is either your associated email address/your name
> > # if only single key ID matches, specific key otherwise
> > # (you can use "gpg -K" to select a desired ID at the "sec" line)
> > KEY=$(gpg --with-colons --list-keys 'IDENTITY' | grep '^pub' | cut -d: -f5)
> >
> > # export the public key to a file that is suitable for exchange
> > gpg --export -a -- $KEY > $KEY
> >
> > # verify that you have an expected data to share
> > gpg --with-fingerprint -- $KEY
> >
> > with IDENTITY adjusted as per the instruction above, and send me the
> > resulting $KEY file, preferably in a signed (or even encrypted[*]) email
> > from an address associated with that very public key of yours.
> >
> > [*] You can find my public key at public keyservers:
> > http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
> > Indeed, the trust in this key should be ephemeral/one-off
> > (e.g., using a temporary keyring, not a universal one before we proceed
> > with the signing :)
> >
> >
> > Timeline?
> > Best if you send me your public keys before 2015-02-02. I will then
> > compile a list of the attendees together with their keys and publish
> > it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
> > so you can print it out and be ready for the party.
> >
> > Thanks for your cooperation, looking forward to this side-event and
> > hope this will be beneficial to all involved.
> >
> >
> > P.S. There's now an opportunity to visit an exhibition of the Bohemian
> > Crown Jewels replicas directly in Brno (sorry, Google Translate only)
> > https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55
> =o, keysigning is a brilliant idea!
>
> I can put the keys in the plan wiki, too.
What about publishing keys in DNSSEC?
Kind regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München (district court): HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
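
An added example, not part of the original messages, for the key-selection step in the quoted instructions: it reads GnuPG colon-format output, refuses to continue when the identity matches zero or several keys, and checks that the long key ID is the tail of the primary key's fingerprint. The helper name `pick_key` and all key data in the sample are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: output of
#   gpg --with-colons --with-fingerprint --list-keys 'IDENTITY'
# pick_key is a hypothetical helper name, not a GnuPG command.
pick_key() {
    awk -F: '
        # Field 5 of a "pub" record is the long key ID.
        $1 == "pub" { n++; id = $5; want_fpr = 1; next }
        # Only the "fpr" record right after "pub" is the primary key;
        # later "fpr" records belong to subkeys. Field 10 is the fingerprint.
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
        $1 == "sub" { want_fpr = 0 }
        END {
            if (n != 1) {
                print "expected exactly 1 key, matched " (n + 0) > "/dev/stderr"
                exit 2
            }
            # A v4 long key ID is the last 16 hex digits of the fingerprint.
            if (length(fpr) != 40 || substr(fpr, 25) != id) {
                print "fingerprint does not match key ID " id > "/dev/stderr"
                exit 3
            }
            print id, fpr
        }'
}

# Constructed sample output (not a real key): one primary key with a subkey.
SAMPLE_ONE='pub:u:4096:1:89ABCDEF01234567:1420070400:::u:::scESC:
fpr:::::::::00112233445566778899AABB89ABCDEF01234567:
uid:u::::1420070400::::Alice Example <alice@example.org>:
sub:u:4096:1:1111222233334444:1420070400::::::e:
fpr:::::::::FFEEDDCCBBAA9988776655441111222233334444:'

# Constructed sample where the identity matches two primary keys.
SAMPLE_TWO="$SAMPLE_ONE
pub:u:2048:1:0F0F0F0F0F0F0F0F:1388534400:::u:::scESC:
fpr:::::::::A1A2A3A4A5A6A7A8A9AAABAC0F0F0F0F0F0F0F0F:"

# Prints the key ID and the fingerprint to compare against the printed list.
printf '%s\n' "$SAMPLE_ONE" | pick_key
```

On a real keyring, pipe the `gpg` command from the comment into `pick_key` and compare the printed fingerprint with the one on the party list before signing.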