Key signing and Assurance WoT party
The Keysigning will take place on Sunday from 12:00 to 14:00 in room Ferrer
Registration for the PGP signing is closed.
PGP public key and CAcert certificate identification is based on multiple (the more the better) persons doing an identification check with official identity document(s), like a driver license, passports, identity cards, etc.: the Web of Trustworthy. The Web of Trust is basically a reciprocal process: one has to identify to each other.
The party is essential to strengthen the Web of Trust and keep the security technique open and freely available.
Like previous years, there will be a PGP key signing and CAcert assurance party at FOSDEM. Have your identity checked at the party and bring with you a governmental issued identity document.
The procedures for the
signing are simple.
We make two lines: one for signers
and and one for Assurers will sit (floor/seat). Visitors willing
to be assured or have their fingerprint signed will pass and
show their identity papers. The name on the identity paper
should be exactly the same as on the assurance form. Assurance
papers will be signed. Assurance points will be assigned.
Be prepared and follow the instructions so the enormous success of last year can be repeated. If you do not join the party make sure you use the excuse of “can you sign my PGP key†or “can you assure me for CAcert†to start a chat with a random person.
GPG/PGP and digital X.509 certificates are both en/decryption and signing applications. GPG is merely used in securing open source software package distributions. The open source technique is GNU GPG. X.509 is merely used in signing documents and securing internet communications (e.g. SSL). The open source technique is OpenSSL.
GPG/PGP key signing
Detailed instructions on how to join the PGP Keysigning Party are published at ksp.mdcc.cx.
Stuff to do right now
Submit your PGP public key to the HKP keyserver e.g.
at ksp.mdcc.cx, to do this run:
gpg --keyserver hkp://ksp.mdcc.cx --keyserver-options export-minimal --send-keys
yourkeyid
Where yourkeyid is e.g. 0B86B067.
See e.g. the output of
"gpg --fingerprint '
Your Name
'
",
which looks like:
pub 2048D/0B86B067 2006-02-27
uid
Joost van Baal [...]
sub 2048g/F0B86553 2006-02-27
You need the key id "0B86B067
" on the
line with "pub
".
Make sure you print off at home a bunch of finger print slips and bring them with you to the event. For every PGP signature you need one slip.
CAcert Assurances
Stuff to do right now
Go to the CAcert website to register an account (primary email address and your full name as it is on your official identity document.
Download the CAcert Certificate Assurance Programme form (pdf format):
2009 CAP form (the newest form). This form can be completed with a pdf reader. This form has the CAcert Community Agreement which you need to agree to.
The form is also available from SVN cap_empty.pdf .
The conventional way: Once logged in on the site, click on "CAcert Web of Trust" menu. Open the menu and download the personal "A4 - WoT Form".
You need for every assurance a completed form. At least 10 printed forms are recommended to take with you. You need more as just one Assurance in order to have your name on the certificate or even become an Assurer yourself and help to establish the web of trust. You should also do this if you are already Assurer, so that cross signatures are possible.
More official proofs of identity give you more Assurance Points. With at least 50 Assurance Points you have your name on the certificate. With the Agreement ticked and signed you join the CAcert Community and will be able to get an issued certificate signed with the new CAcert Root key, which is hopefully included in the browser mainstream soon this year.
For CAcert Assurers:
Assurers are those who have collected at least 100 Assurance
Points and passed the
Assurer Challenge
(make sure you did). As multiple names as on the identity papers
are allowed but not implemented yet, the Assurer is asked to
note the shown name as well the “similar†name on the web
interface on the signed form. If the CAcert Community Agreement
has been agreed (tick on the form) the Assurer is asked to add
+CCA on the location field on the web interface. The
Assuree needs to understand the CCA. Read the Certificate Policy
Statement of CAcert (CPS).
Allow the Assuree to provide him with the Assurer identity and email
contact address.
For CAcert Assurers there will be available free Assurer pins to help
you to identify as Assurer.
More CAcert information:
Introduction
to the CAcert Assurance Program
www.cacert.org
wiki.cacert.org