Shachar Shemesh wrote:
1. Have a PGP key. You can generate one for yourself using gpg.
Make sure to keep it somewhere safe afterwards, and not forget the password for it.
2. Send the PGP key finger print to me AT LEAST A WEEK BEFORE THE CONFERENCE. Any later then that, and it is not certain that we'll manage to get your key on the printed piece of paper that is necessary for carrying out the party.
My mistake. I'm going to need both the finger print AND the actual key. Also, if you DON'T want the key published to a key server (I use http://pgp.mit.edu), please let me know well in advance. Obviously, your key will be published to all the people present at the key party. If your name's not there on your email headers, include it in the body. The name must be the same as appears on your formal IDs.
The purpose of a pgp signing party is to establish a link between your virtual identity (your key) and your real one (as verified by an ID). For that reason it is impossible to participate by proxy, or under an alias.
3. Bring a copy you can trust to wineconf, to make sure other people are really signing your key (i.e. - that I'm not pulling anybody's leg).
What you need is to do one of two things. A week before the party I'm going to send to everyone who is participating in the pgp signing party a text file which has everyone's names and fingerprint on it. You will need to go over this page and make sure that your own name is spelled correctly. Also make sure that the fingerprint on the page is the same as the one you sent me.
The full details of what a key signing party is, why are the procedures as they are, and what's so important about *not* signing the keys with your laptop at the party can be found at http://www.cryptnet.net/fdp/crypto/gpg-party.html
Already this is turning out to be a better success than last year. Make sure to join the web of trust and get your key recognized.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html
