[lca2018-chat] Keysigning BOF
Simon Lees
simon at simotek.net
Mon Jan 15 20:48:31 AEDT 2018
On 15/01/18 17:56, Cera Davies wrote:
> Hey there
>
> Glad this is happening, some quick thoughts -
>
> At the last keysigning event I went to (not at LCA), I couldn't get
> anyone to sign my key because at the time the name on my photo ID did
> not match the name I go by. This was despite being well known by my name
> in the room as well as going by that name publicly all over the web, on
> the website of my employer, etc.
>
> I'd like to respectfully suggest that keysigners at LCA reflect for
> themselves on what it means to strictly require government-issued photo
> ID as proof of identity over and above all other forms of social
> identification, what kind of people may be excluded on that basis, what
> kind of difficulties it could create for those people, and (most
> importantly) whether it pushes away some of the people who could benefit
> the most from security and involvement in our community. Of course I'm
> not asking people to be less serious about verification - just to
> reconsider how it should be judged.
>
> In my own view, we've created a very impoverished distributed security
> platform if we tut-tut and frown when asked to sign a key without a
> document of proof from the state.
>
This is one of the reasons I like keybase.io, when your contributing to
open source software I don't really care about your name or what you
look like, but if I can trust and verify that your github account, git
commits websites and emails etc are all coming from the same identity
thats all thats really important because I can see and trust the work of
that identity.
Unfortunately because I don't know you its hard for me to come to a key
signing and sign your key, whereas if I didn't know Daniel I could look
at his official ID and go that is probably him and sign his keys.
If I worked with you or spent a lot of time at a LUG / Hackerspace etc
and could see that you clearly use that as your identity everywhere i'd
probably sign your key. Although I'm somewhat new to this and may not
know if thats technically correct.
>
> On Mon., 15 Jan. 2018, 17:36 Daniel Sobey, <dns at dns.id.au
> <mailto:dns at dns.id.au>> wrote:
>
> Hello Everyone,
>
> I'm planning on running a keysiging bof this year.
> For those that don't know a key signing party is a session where we
> prove our identities to each other and confirm that we own that gpg
> key building a web of trust between participants.
> I have not yet booked a time but i'm thinking of running this on
> Thursday or Friday possibly during lunch or during one of the
> regular conference slots.
> Anyone can attend the session even if you don't yet have a key.
> If you are new to this feel free to chat with me during the breaks
> and I can guide you on how to get started.
>
> Please submit your key to the following website:
> http://biglumber.com/x/web?keyring=7983 before we end submission on
> Wednesday night.
> I'll try and organize to have printed copies of the keys during the
> day for you to mark off.
> If the conference organizers can help with printing (or suggesting a
> place close that can print) it would be appreciated.
>
> As we have 2 free form text fields that will be printed on the badge
> I would recommend you put either the full fingerprint or just the
> last 8 numbers is usually sufficient to look up a gpg key.
> 🔏 28F8 2EA3 26A3 7748 EC41 CD28 00D4 08C4 FA9E C035
> 🔏 0xFA9EC035
>
> Before you leave home remember to bring some sort of identity as
> well as a few copies of your key printed out.
> Know that the organizer could have changed paper copy so don't trust
> it, read your fingerprint off your own printout or a device you trust.
>
> See the wiki for further details
> https://wiki.linux.conf.au/wiki/Keysigning
>
> Regards,
>
> Daniel Sobey
--
Simon Lees (Simotek) http://simotek.net
Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
More information about the lca2018-chat
mailing list