The keysigning party at the LibreOffice Conference in 2014 is an excellent opportunity to strengthen the web of trust. We use a slightly modified version of the Zimmermann-Sassaman key-signing protocol relying on a key submission server rather than email to collect keys.
The keysigning party is scheduled to start at 17:00 on Thursday, September 4th in room 003 in the Engehalde building at Engehaldenstrasse 8.
If you intend to participate in the PGP keysigning event at the
LibreOffice Conference, you must submit the keys you would like to have
signed to the keyserver listening on
libo2014.keysigning.ch
.
If you are using GnuPG, this can easily be accomplished
with:
gpg --keyserver libo2014.keysigning.ch --send-key [keyid]
If you have multiple keys, try to submit them together. Since the
list is sorted by submission time, this will group your keys on the list,
saving everyone from a lot of browsing forward and backward through the
list.
The keyserver is a bit hackish, so please verify your submission made it to the keyserver by checking the list of keys at https://libo2014.keysigning.ch/keys/ If the key is not there, wait 5 minutes and try again. If it still doesn't show up, email the coordinator.
During the submission period, graphs will be generated of the density of the web of trust and the rate at which keys are being submitted. You can find these graphs at https://libo2014.keysigning.ch/graphs/
The deadline for submissions is Saturday, 30 August 2014 at 23:59:59 CEST (UTC +0200). After this date, the keyserver will no longer accept submissions and the official keylist will be published.
Update (2014-08-31 00:01 CEST): The key submission period is now closed. The final keylist is available for download at https://libo2014.keysigning.ch/files/
For those who may have missed the deadline and are not part
of the official list, you're still welcome to participate on an ad-hoc basis. Please print out at least 30 (40 is probably better) copies of your PGP key(s) fingerprint and bring them with you in addition to your printed and verified copy of the official keylist. GPG can show your key's fingerprint as follows:
gpg --fingerprint [keyid]
You can then hand out the printout of your key fingerprint to other participants. This is less efficient than the process involving the list, but should be fine for the expected size of the group.
If you are participating in the keysigning event (i.e., you have submitted your key to the keyserver), you should download the final list of participants and follow its instructions closely.
The final list of participants will be available from https://libo2014.keysigning.ch/files/
If there is a trust-path between you and the coordinator (KeyID: 0x85EB9F44), you should verify the list's detached signature using:
gpg --verify ksp-libo2014.txt.sig ksp-libo2014.txt
The keysigning event will take place from 17:00 to 18:00 on Thursday, September 4th in room 003 in the Engehalde building at Engehaldenstrasse 8 (right next to the conference's social event, which starts at 18:00). Previous keysigning events last approximately one hour per 100 keys on the list. Please bring the printed list, a pen, and at least two appropriate forms of identification (typically a government-issued photo ID such as a passport, driver's license, ID card, etc.) with you to the keysigning event.
You may find it useful to make a badge stating the number(s) of your key(s) on this list and the fact that you verified the fingerprints of your own key(s). Provide a place to mark that your hashes match those on the list. Be on time to verify the hashes as they are announced!
I am number 001 My keyID & fingerprint: [x] The hashes: [ ]
To avoid descending into chaos, the organizer will line up the participants in the order of the list.
1 - 2 - 3 - 4 - 5 - 6 - 7 - 8
Next, this line folds on itself, so everyone is facing another participant.
1 - 2 - 3 - 4 8 - 7 - 6 - 5
After the participants have verified each other's identity, the whole line moves one step to their right. Participants on the end of the line move to the opposite line. That way, everyone should be facing the next person on their list (modulo no-shows).
2 - 3 - 4 - 5 1 - 8 - 7 - 6
2 - 3 - 4 - 5 1 - 8 - 7 - 6
In addition, we will have some CAcert assurers on-hand to do assurances. Please be sure to bring at least 5 filled out copies of your CAcert Web of Trust form for the assurers.
If you participated in the keysigning event, but missed (parts of) the participant list hashes as they were announced at the start, you should verify the hashes before signing any keys.
The hashes can be downloaded from https://libo2014.keysigning.ch/files/ . If there is a trust-path in between you and the coordinator (KeyID: 0x85EB9F44), you should verify the file's detached signature using:
gpg --verify ksp-libo2014-hashes.txt.sig ksp-libo2014-hashes.txt
Please complete your signing "homework" by Wednesday, 1 October 2014, and upload the signed keys to a well-connected keyserver.
If you have any questions, comments, or requests regarding the keysigning, please contact Pete Stephenson (KeyID: 0x85EB9F44).
This work, "LibreOffice Conference 2014 - Keysigning Party" is a derivative of " FOSDEM 2014 - Keysigning" by FOSDEM, used under CC BY 2.0 Belgium.