Roland van Ipenburg
To be stolen or blogged

Key Signing Policy

Tuesday 3 March 2009 21:26

After a couple of key signing parties (KSPs) it looks like I have some kind of key signing policy:

  1. Prior to a KSP I send my primary key ID 0x942CFFC4 to the organizers. This key is available on the keyservers, so that's all that's needed.
  2. At the KSP I expect the organizers to provide a hardcopy of the list of fingerprints of the participants of the KSP. I don't have a printer, so I don't bother with hardcopies myself.
  3. At the KSP I check the fingerprint listed as mine on the hardcopy provided to me against my fingerprint on my trusted GPG slip.
  4. KSP-style checking of the other fingerprints, checking them off on the hardcopy.
  5. KSP-style checking of IDs, checking them off on the hardcopy.
  6. After the KSP, keys with a checked fingerprint and ID are fed to caff on the system that stores my primary key.
  7. After the KSP, the successfully checked keys are imported into my keyring, preferably from a keyring sent by the organizers.

If every participant of the KSP does this, everybody ends up with a bunch of encrypted keys containing signed keys in several mailboxes. The point of caff is that I don't really care what happens with the keys I've signed and sent. They could just be imported into a keyring, so that it enables trusted communication between me and that participant, or imported and released to a keyserver. That's up to the key signing policy of the participant to decide.

What I do is pipe every attachment through gpg2 --import, then do gpg2 --send-key 942CFFC4. If we then do a gpg2 --refresh-keys, the signatures on our own key are synced, and the imported keys from the other members are updated, maybe including my sig. If my sig shows up through this route, everything went OK and we can optionally add trust to that key to expand our web of trust.
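
The "did my sig show up" check from the last paragraph can be scripted against gpg's machine-readable listing. This is an added example, not part of the original post: signed_by is a hypothetical helper, and the sample listing and its long key IDs (including the 1111AAAA prefix in front of 942CFFC4) are constructed placeholders.

```sh
#!/bin/sh
# Added example: which keys in the keyring carry a good certification from me?
# Real use, after `gpg2 --refresh-keys`:
#   gpg2 --with-colons --check-sigs | signed_by 942CFFC4
# Colon format: field 1 = record type, 2 = check result ("!" good, "-" bad),
# 5 = long key ID, 11 = signature class (10x..13x = exportable certification).

signed_by() {   # hypothetical helper; $1 = signer key ID, short or long
    awk -F: -v signer="$1" '
        BEGIN { signer = toupper(signer); sub(/^0X/, "", signer) }
        $1 == "pub" { current = toupper($5) }   # key the following sigs sit on
        $1 == "sig" && $2 ~ /^!/ && $11 ~ /^1[0-3]x/ {
            id = toupper($5)
            # A short ID is matched as a suffix of the long ID. Short IDs can
            # collide, so pass the long ID when you have it.
            tail = substr(id, length(id) - length(signer) + 1)
            # Skip self-signatures and report each signed key once.
            if (tail == signer && id != current && !(current in seen)) {
                seen[current] = 1
                print current
            }
        }'
}

# Constructed sample listing: three keys; only the second carries a good
# certification from the signer, the third carries one that fails to verify.
SAMPLE='pub:u:4096:1:1111AAAA942CFFC4:1230000000:::u:::scESC:
uid:u::::1230000000::X::Me (constructed) <me@example.org>:
sig:!::1:1111AAAA942CFFC4:1230000000::::Me (constructed) <me@example.org>:13x:
sig:!::1:2222BBBB0000AAAA:1236100000::::Alice (constructed) <alice@example.org>:10x:
pub:f:2048:1:2222BBBB0000AAAA:1220000000:::-:::scESC:
uid:f::::1220000000::X::Alice (constructed) <alice@example.org>:
sig:!::1:2222BBBB0000AAAA:1220000000::::Alice (constructed) <alice@example.org>:13x:
sig:!::1:1111AAAA942CFFC4:1236100000::::Me (constructed) <me@example.org>:10x:
pub:-:2048:1:3333CCCC0000BBBB:1210000000:::-:::scESC:
uid:-::::1210000000::X::Bob (constructed) <bob@example.org>:
sig:!::1:3333CCCC0000BBBB:1210000000::::Bob (constructed) <bob@example.org>:13x:
sig:-::1:1111AAAA942CFFC4:1236100000::::Me (constructed) <me@example.org>:10x:
'

printf '%s' "$SAMPLE" | signed_by 0x942CFFC4   # prints 2222BBBB0000AAAA
```

Keys that were fed to caff but are missing from the output have not had the signature published yet, or their owner chose not to release it.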


This work by Roland van Ipenburg is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Permissions beyond the scope of this license may be available at mailto:ipenburg@xs4all.nl.