Re: [LUG] March (27th ? TBD) Exeter area D&C LUG meeting

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] March (27th ? TBD) Exeter area D&C LUG meeting
From: Neil Williams <linux@xxxxxxxxxxxxxx>
Date: Thu, 20 Feb 2003 22:24:44 +0000
Reply-to: list@xxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 Feb 2003 8:04 pm, Simon Waters wrote:
> I'd like to organise a D&C LUG meeting in March (open to all of
> course).
>
> I hope to have a guest speaker from the Met Office, as well as
> perhaps one or two more familiar faces.
>
> Neil is keen to organise another key signing - this time you
> will bring your identity papers, and fingerprints, at the very
> least - ve have vays to make you trust us.

(fingerprint = GnuPG/PGP fingerprint not inky fingers.)

- --------------------------------------------------------------------------

What I discovered from the St. Austell meeting is:

1. Everyone attending the key signing needs to bring ID - it's a case of
matching a name and an email address to a physical person. Some users already
have photos in the Members Register, I can vouch for Alex, Simon, Paul and
myself as I took the pictures! (May try the same thing at this meet, so be
presentable!). At the very least, everyone with a GnuPG key should bring some
ID to show you are who you say you are. (See man gpg for more on this,
passports are ideal also new-style driving licence or other photo ID.)

2. Everyone attending the key signing should also bring PRINTED copies of
their public key fingerprints - preferably several copies so that those who
cannot bring a laptop can take the fingerprint home.

3. Those who can bring a laptop, please try and sign as many keys as you can
during the meeting. If you haven't already, please download onto your laptop
installation the keys of those likely to attend. If everyone gets their key
signed by just one person at the meeting, every key can be verified by the
wonders of GnuPG and the 'web of trust'.

Here are some keys to download:
AB181ED9 1996-05-12 david morgan
FF2B6E6D 1996-06-06 Adrian Midgley
2CF959B1 1996-10-30 david morgan
C677B305 1997-03-04 Dr Adrian Midgley
2801834D 1998-08-12 Mobile Office Services
64B5E037 1998-11-05 dave morgan
4B81E381 2000-04-17 Homefield Surgery
352E6A79 2000-04-30 Dr Adrian Midgley
D91F5A5C 2000-10-19 Mark Fullalove
40581837 2000-10-23 Nick Kew
16FB612B 2001-03-16 Nicholas John Murison
B80E0D96 2001-04-04 Theo Zourzouvillys
0A539FA6 2001-05-26 Theo Zourzouvillys
625ABC20 2001-05-29 Benjamin Clay Charlton
26BE25B4 2001-06-02 Mike Williams
7AA4141E 2001-07-17 Ian Smith
9006C434 2001-09-26 Peter J Ross
73041E9A 2001-11-11 Adrian Midgley
28BCB3E3 2002-01-27 Neil Williams
A897FD02 2002-01-27 Neil Williams
A000D5CC 2002-05-18 Kai I Hendry
C5AEEA61 2002-05-30 Neil Stone
2F9E8BC5 2002-08-01 Matthew Browning
7F98290D 2002-08-24 David Johnson
46A8BB49 2002-10-16 Mark Hillary
8F455606 2002-11-01 Simon Waters
40FA2EFA 2002-11-12 James Keasley
C509126E 2002-12-22 Matt Lee
60311A36 2003-01-15 Simon Prosser
1BB3FE79 2003-01-17 Tony Atkin
F880BC0F 2003-01-31 Fizzgig

4. Those who have more than one key, please indicate to all concerned WHICH
key you would like signed and whether other keys are still in use.
(I use 28BCB3E3 and A897FD02 but 28BCB3E3 is my main key).

5. Those bringing a laptop, please take time to show others how to sign keys -
including how to sign just one UID, what level of trust to sign and how to
send the signed key to the keyserver.

=======================
- From man gpg:

		0 means you make no particular claim as to how carefully  you
                 verified the key.

                 1 means you believe the key is owned by the person who claims
                 to own it but you could not, or did not  verify  the  key  at
                 all.   This is useful for a "persona" verification, where you
                 sign the key of a pseudonymous user.

                 2 means you did casual verification of the key.  For example,
                 this  could  mean  that you verified that the key fingerprint
                 and checked the user ID on the key against a photo ID.

                 3 means you did extensive verification of the key.  For exam-
                 ple,  this  could  mean that you verified the key fingerprint
                 with the owner of the key in person, and that you checked, by
                 means  of a hard to forge document with a photo ID (such as a
                 passport) that the name of the key owner matches the name  in
                 the  user  ID  on  the key, and finally that you verified (by
                 exchange of email) that the email address on the key  belongs
                 to the key owner.

                 Note  that  the  examples  given above for levels 2 and 3 are
                 just that: examples.  In the end, it is up to you  to  decide
                 just what "casual" and "extensive" mean to you.

At a key signing event, I'd hope that everyone should feel confident enough to
sign at level 3 but that depends on the ID that people bring along.

Finally, and most importantly, everyone who signs a key (at the meet or later
at home) should commit to making that signature public by exporting the
signed key to a public keyserver once they are back home and online - without
that, no-one else can update their own keys and incorporate the signature
into their ring. It's a simple command once online.

Some gpg commands to use:
(substitute A897FD02 for the keyid you are signing or checking. You can
specify multiple keys in most cases.)

gpg --fingerprint A897FD02
gpg --keyserver pgp.mit.edu --recv-keys A897FD02
gpg --edit-key A897FD02
	uid 1
	sign
	save

Note the uid 1 command above. That would mean that you would then sign just
the first UID, Neil Williams (CodeHelp) rather than signing UID's for email
addresses that you haven't been able to verify.
gpg --list-keys 28BCB3E3
pub  1024D/28BCB3E3 2002-01-27 Neil Williams (CodeHelp)
uid                            N Williams (CodeHelp)
uid                            Neil Williams (Linux User Group)
uid                            Neil Williams (general)
sub  1024g/AD3CB326 2002-01-27

gpg --check-sigs A897FD02
gpg --list-keys A897FD02
gpg --list-sigs A897FD02

gpg --keyserver pgp.mit.edu --send-keys A897FD02

(all keyservers share keys, so pgp.mit.edu is as good as any)

> I was thinking perhap Education as a secondary theme for the
> evening, I'm sure we have some lurking expertise here and at the
> University.

> I'm making enquiries on venues at the moment.

Is the meet likely to be at the Uni? I'm not going to able to get to Exeter
much before 8pm and the Uni is the only place in Exeter I even have a slight
chance of finding - especially at night.

> Thursday 27th March is looking like a good date at the moment. I
> suggest we can pencil that is and book a venue to match.
>
> The meeting will be in the Exeter area to accommodate our guest
> speaker.
>
> We'll have a lot to fit in - perhaps we need more regular meetings?


- --

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+VVWuiAEJSii8s+MRAgUvAKD0rfqhq7QEcrHswEtCJYJbrZCgXwCg3CAI
A70K+6mkf2oZYSbblktaAdc=
=cwki
-----END PGP SIGNATURE-----


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
[LUG] PCMCIA Modems
- From: LUG Richard Brown
Prev by Date: Re: [LUG] March (27th ? TBD) Exeter area D&C LUG meeting
Next by Date: Re: [LUG] March (27th ? TBD) Exeter area D&C LUG meeting
Previous by thread: Re: [LUG] March (27th ? TBD) Exeter area D&C LUG meeting
Next by thread: [LUG] PCMCIA Modems
Index(es):
- Date
- Thread
Lynx friendly