[Pacemaker] HA Summit Key-signing Party (was: Organizing HA Summit 2015)
Jan Pokorný
jpokorny at redhat.com
Mon Jan 26 14:14:38 UTC 2015
Hello cluster masters,

On 13/01/15 00:31 -0500, Digimer wrote:
> Any concerns/comments/suggestions, please speak up ASAP!

I'd like to throw a key-signing party as it will be a perfect
opportunity to build a web of trust amongst us.

If you haven't incorporated OpenPGP into your communication with the
world yet, I would recommend at least considering it, even more so in
the post-Snowden era. You can use it to prove authenticity/integrity
of the data you emit (signing; not just for email as is the case
with this one, but also for SW releases and more), provide
privacy/confidentiality of interchanged data (encryption; again,
typical scenario is a private email, e.g., when you responsibly
report a vulnerability to the respective maintainers), or both.

In case you have no experience with this technology, there are
plentiful resources on GnuPG (the most renowned FOSS implementation):

- https://www.gnupg.org/documentation/howtos.en.html
- http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep
  (preparation steps for a key-signing party)
- ...

To make the verification process as smooth and as little
time-consuming as possible, I would stick with a list-based method:
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
and volunteer for the role of coordinator.

What's needed?

Once you have a key pair (and provided that you are using GnuPG), please
run the following sequence:

    # figure out the key ID for the identity to be verified;
    # IDENTITY is either your associated email address/your name
    # if only a single key ID matches, a specific key ID otherwise
    # (you can use "gpg -K" to select a desired ID at the "sec" line)
    KEY=$(gpg --list-keys --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)

    # export the public key to a file that is suitable for exchange
    gpg --export -a -- "$KEY" > "$KEY"

    # verify that you have the expected data to share
    # (with no command given, gpg lists the keys found in the file "$KEY")
    gpg --with-fingerprint -- "$KEY"

with IDENTITY adjusted as per the instruction above, and send me the
resulting $KEY file, preferably in a signed (or even encrypted[*]) email
from an address associated with that very public key of yours.
[*] You can find my public key at public keyservers:
http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
Indeed, the trust in this key should be ephemeral/one-off
(e.g., using a temporary keyring, not a universal one before we proceed
with the signing :)
Timeline?
Best if you send me your public keys before 2015-02-02. I will then
compile a list of the attendees together with their keys and publish
it at https://people.redhat.com/jpokorny/keysigning/2015-ha/
so you can print it out and be ready for the party.
Thanks for your cooperation, looking forward to this side-event and
hope this will be beneficial to all involved.
P.S. There's now an opportunity to visit an exhibition of the Bohemian
Crown Jewels replicas directly in Brno (sorry, Google Translate only)
https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55
--
Jan
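
The comparison step of the list-based method, as an added example that is not part of the original message: it pulls the primary fingerprint out of `gpg --with-colons` output and accepts a key only when the full fingerprint equals the entry on the printed list. The function names and the sample listing are constructed for illustration; `fpr_of_keyfile` assumes `gpg` is installed and uses a throwaway keyring.

```shell
#!/bin/sh
# Added example (not from the original message): check a received key
# against the fingerprint on the printed key-signing party list.

# Print the primary-key fingerprint from "gpg --with-colons" output on stdin:
# the first "fpr" record that follows a "pub" record (field 10).
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Normalise a fingerprint as printed for humans (spaces, "0x", lower case).
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Succeed only on a full-fingerprint match; a bare 16-digit key ID from the
# list is rejected because it is too short to identify a key reliably.
fpr_matches() {   # $1 = fingerprint from the key, $2 = fingerprint from the list
    got=$(normalize_fpr "$1"); want=$(normalize_fpr "$2")
    [ "${#want}" -ge 40 ] && [ "$got" = "$want" ]
}

# Import a received file into a temporary keyring and print its fingerprint,
# so nothing lands in the everyday keyring before verification (needs gpg).
fpr_of_keyfile() {   # $1 = exported key file
    tmp=$(mktemp -d) || return 1
    gpg --homedir "$tmp" --quiet --import -- "$1" 2>/dev/null &&
        gpg --homedir "$tmp" --with-colons --with-fingerprint --list-keys |
            primary_fpr
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Constructed sample listing (not a real key), in gpg --with-colons format.
SAMPLE='pub:-:4096:1:89ABCDEF01234567:1420070400:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1420070400::::Alice Example <alice@example.org>:
sub:-:4096:1:FFFFFFFF11111111:1420070400::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF11111111:'
```

Typical use after the party: `fpr_matches "$(fpr_of_keyfile received.asc)" "fingerprint as ticked on the list"`, where `received.asc` is a hypothetical file name, and sign only when it succeeds.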