KSP Linuxwochen Wien 2014

The following website addresses all people who (i) attend the Linuxwochen Wien 2014, (ii) possess a PGP key, and (iii) want to participate in a key-signing party where all participants sign each others’ key.

If you missed the deadline for key submission, you can still participate in the key signing! See details below.

Motivation

What is key-signing? Assume you obtained the public key of a particular person – how do you know that your copy of the public key is authentic? PGP does not have central authorities that would testify for the authenticity, but relies on the concept of the web of trust. The idea is that people meet and verify the authenticity of other keys and then certify the authenticity of a key by signing it. This way PGP users collect signatures from other users that testify for the authenticity of their own key, and the more the better. For instance, here is a list of signatures for my current key: 0973919e.

So the goal for a key-signing party is simple: Collect signatures for your key, and sign others’ keys! This way we contribute to the web of trust and improve its effectiveness.

Zimmermann–Sassaman key-signing protocol. The Zimmermann–Sassaman key-signing protocol is a way to improve efficiency and to reduce effort of everyone when verifying each others’ identity and collecting each others’ key-fingerprint. However, it requires a little preparation BEFORE the actual key-signing party. So please follow the instructions below carefully!

Instructions

It is very important that everyone precisely follows these instructions.

1. Before the party.

   • Until Tue, May 6, 23:59 CET:

     Submit your key to the keyserver¹ ksp-lwwien2014.sthu.org if you are attending the key-signing party on May 8th. Using gpg you can achieve this by calling

         gpg --keyserver ksp-lwwien2014.sthu.org --send-keys KEYID
     

     with your KEYID. You can check whether uploading worked by inspecting ksp-lwwien2014.txt. It is regenerated when a key is submitted and should contain your key.

     If you want to create a new key (because your current key expires soon, or you want a more secure key, etc.) then now is a good time.

   • I will compile a text file with all submitted keys and send it to you. This file will look similar to ksp-lwwien2014.txt.

     You need to print the file, compute the sha256 checksum, and write the checksum on the paper. At the party, I will announce the correct checksum. Everyone needs to check the checksum such that we can be sure that we all have exactly the same file printed. You should also check that the fingerprint of your key on the list is correct.

     Details on these steps will be sent along with the mail containing the list.

   • If you could not submit your key until the deadline, you can still participate in the key signing, but not in the Zimmermann–Sassaman protocol. Just bring a sufficient number of printouts of your fingerprints with you, e.g., by printing the output of

         gpg --fingerprint KEYID
     

     All participants can exchange fingerprints and verify IDs in the traditional way after we executed the protocol. In fact, it also makes sense for people that do participate in the Zimmermann–Sassaman protocol to bring printouts of their fingerprints with them.

2. At the event.

   • You need to bring your (!) printed list and a pen. You must not copy the list of someone else.
   • You need to bring a document of identification² (e.g., passport, driving license) that shows a photo of you.
   • I will moderate the procedure by which we will efficiently check each others’ ID document and the validity of the fingerprints.
   • Slides: ksp.pdf