In article <20041004194249.1ac15275@216-80-33-36.drb-bsr1.chi-drb.il.cable.rcn.com> (earth.lists.nanog) you wrote:
Those of you attending NANOG 32 are encouraged to submit your public PGP key to take part in the regular key signing event. ... As usual, the group PGP signing event will occur following the nsp-sec BoF on Monday night. Full details for the NANOG 32 PGP signing event can be found here:
There doesn't seem to be a lot of emphasis on identity verification according to this page. It only says "You might want to bring photo id with you". Personally, and all the keysignings I've been involved with and people I've spoken to about them, you should *always* verify government issue photo id when agreeing to sign someone's key. Len Sassaman's Efficient Group Key Signing Method is worth a read too. It's at: http://sion.quickie.net/keysigning.txt J. -- "Just because I'll spend 4 hours | .''`. Debian GNU/Linux Developer automating a task that takes 4 | : :' : Happy to accept PGP signed minutes by hand doesn't mean I'm | `. `' or encrypted mail - RSA + not lazy." -- Mike Sphar, asr | `- DSA keys on the keyservers.
On Tue, 5 Oct 2004 13:58:55 +0100 Jonathan McDowell <noodles@earth.li> wrote:
There doesn't seem to be a lot of emphasis on identity verification according to this page. It only says "You might want to bring photo id [...] http://sion.quickie.net/keysigning.txt
Thanks for the feedback. Other than a few minor host and link details I don't think that page has changed much over the last few meetings. I'll suggest some wording changes to the NANOG support folks offlist. In the meantime I've included the above link and the GnuPG Keysigning Party HOWTO document as notes to the event listing: <https://www.biglumber.com/x/web?ev=16478> In the past we've had each key fingerprint read off so participants can verify they have the correct signature. Len's method is certianly faster, which most people would probably appreciate. However, we often have a lot of last minute participants, which means ensuring everyone is on the list and everyone has their own hard copy of the list with the correct md5/sha1 hash may be a problem. If no one has any major complaints, we can use Len's method for those who get their keys into the keyring on biglumber a few working days before the meeting. That will give early participants time to bring their own hard copy of the list and make verification for those keys go that much faster for those who are planning ahead. Keys submitted after that period and up to 6:00 p.m. on Monday can be verified as we've always done, with each fingerprint being read and verified in front of the group or between individuals. This means two lists. One for Len's method and another for late participants (it'll include all keys for completeness). John
participants (2)
-
John Kristoff -
Jonathan McDowell