Talk:PGP Keysigning

From What The Wiki?!

• I don't think it is a problem to take more parts out of the 21c3-wiki
• Of course we could leave it with only the complete list fingerprint. People who want to check every fpr can do thsi when checking the IDs ...
• We need a coordinator for the event. Anyone?
• We need a clear 'when' and 'where' on the main page, imho.

- Sebastian Krohn Thu Jun 23 10:49:15 CEST 2005

Is it somehow legal to use some more text from the 21C3 wiki? I don't see a reason to invent everything again.

- BugBlue Wed Jun 22 23:19:31 MEST 2005

I don't get why we should check the whole list for integrity *and* the individual fingerprints

- DWizzy 02:13, 23 Jun 2005 (CEST)

why to check the whole list and individual prints

These are mainly 2 actions.

The first is some days just before you leave to what the hack you download the whole list with the fingerprints, do some md5 and sha1 checksum over it. Fill this in in the list and print out the complete list. That's checking 'the list'. Mainly to be sure that everyone has the same list.

At what the hack everybody stand together and you have to confirm that your fingerprint is right on the list.

After this the 3rd check takes place before you can actually sign the keys. You have to check everyone's ID or Passport to be sure it's really him/her.

- BugBlue

You're describing the three steps now, but I still don't get why one should take the first two steps if the third one should be enough - DWizzy 20:40, 30 Jun 2005 (CEST)

To speed it up. If you have a lot of people (like in Debconf5 you've got 169 PGP keys to sign) going through all fingerprints hexdigit by hexdigit would take ages. The 1st step above is used to check that everyone has the same list. The 2nd step can be done at the same time with 3rd, and here the guy whose key you are checking just needs to say "my fingerprint was ok on the list that everyone has", and then check the passport.

- avs 13:38, 11 Jul 2005 EET DST

then why not just let the guy that has a false fingerprint on the list stand up and shout "I'm being framed!" instead?

- DWizzy 15:59, 11 Jul 2005 (CEST)

why a passport? isn't a drivers license not enough?

- Folkert van Heusden 21:19, 24 Jul 2005 (GMT+1)

Waiting for signatures..

What is a normal amount of time to allow for signatures to be sent/uploaded after a party at an event like WTH?

--Udo 5 August 2005 17:31 (CEST)

last time I had to wait about three weeks before most keys were signed from a signing party.

--DWizzy 5 August 2005 18:54 (CEST)