Hello cluster masters,

On 13/01/15 00:31 -0500, Digimer wrote:
> Any concerns/comments/suggestions, please speak up ASAP!

I'd like to throw a key-signing party as it will be a perfect opportunity to build a web of trust amongst us.

If you haven't incorporated OpenPGP into your communication with the world yet, I would recommend at least considering it, even more in the post-Snowden era. You can use it to prove authenticity/integrity of the data you emit (signing; not just for email as is the case with this one, but also for SW releases and more), provide privacy/confidentiality of interchanged data (encryption; again, typical scenario is a private email, e.g., when you responsibly report a vulnerability to the respective maintainers), or both.

In case you have no experience with this technology, there are plentiful resources on GnuPG (most renowned FOSS implementation):

- https://www.gnupg.org/documentation/howtos.en.html
- http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#prep (preparation steps for a key-signing party)
- ...

To make the verification process as smooth and as little time-consuming as possible, I would stick with a list-based method:
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#list_based
and volunteer for the role of a coordinator.

What's needed?

Once you have a key pair (and provided that you are using GnuPG), please run the following sequence:

  # figure out the key ID for the identity to be verified;
  # IDENTITY is either your associated email address/your name
  # if only a single key ID matches, specific key otherwise
  # (you can use "gpg -K" to select a desired ID at the "sec" line)
  KEY=$(gpg --list-keys --with-colons 'IDENTITY' | grep '^pub' | cut -d: -f5)
  # export the public key to a file that is suitable for exchange
  gpg --export -a -- "$KEY" > "$KEY"
  # verify that you have the expected data to share
  gpg --with-fingerprint -- "$KEY"

with IDENTITY adjusted as per the instruction above, and send me the resulting $KEY file, preferably in a signed (or even encrypted[*]) email from an address associated with that very public key of yours.

[*] You can find my public key at public keyservers:
http://pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x60BCBB4F5CD7F9EF
Indeed, the trust in this key should be ephemeral/one-off (e.g., using a temporary keyring, not a universal one before we proceed with the signing :)

Timeline?

Best if you send me your public keys before 2015-02-02. I will then compile a list of the attendees together with their keys and publish it at https://people.redhat.com/jpokorny/keysigning/2015-ha/ so you can print it out and be ready for the party.

Thanks for your cooperation, looking forward to this side-event and hope this will be beneficial to all involved.

P.S. There's now an opportunity to visit an exhibition of the Bohemian Crown Jewels replicas directly in Brno (sorry, Google Translate only)
https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.letohradekbrno.cz%2F%3Fidm%3D55

--
Jan
Attachment:
pgpYPZQODcsqr.pgp
Description: PGP signature
-- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
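
The list-based method in the message above depends on a printed list of key IDs and fingerprints. As an added example that is not part of the original e-mail, this sketch turns `gpg --list-keys --with-colons --fingerprint` output into list lines and flags keys that should not be signed; the function names `party_list` and `sample_listing` are hypothetical and every key, fingerprint and user ID in the sample is constructed.

```shell
#!/bin/sh
# Added example: build key-signing list lines from a GnuPG colon listing.
# Input (stdin): output of `gpg --list-keys --with-colons --fingerprint`.
# Output: "STATUS KEYID FINGERPRINT UID", one line per primary key.
party_list() {
  awk -F: '
    function emit() {
      if (keyid == "") return
      status = "ok"
      if (validity == "r") status = "REVOKED"        # field 2 of the pub record
      else if (validity == "e") status = "EXPIRED"
      else if (fpr == "") status = "NOFPR"
      # For v4 keys the long key ID is the last 16 hex digits of the fingerprint.
      else if (substr(fpr, length(fpr) - 15) != keyid) status = "MISMATCH"
      printf "%s %s %s %s\n", status, keyid, fpr, uid
    }
    # Older GnuPG puts the primary user ID in field 10 of the pub record.
    $1 == "pub" { emit(); keyid = $5; validity = $2; uid = $10; fpr = ""; primary = 1 }
    # fpr records that follow a sub record belong to the subkey; skip them.
    $1 == "sub" { primary = 0 }
    $1 == "fpr" && primary && fpr == "" { fpr = $10 }
    # Newer GnuPG prints user IDs as separate uid records; keep the first.
    $1 == "uid" && uid == "" { uid = $10 }
    END { emit() }
  '
}

# Constructed sample listing (not real keys): one good key with a subkey,
# one revoked key in the older layout, one whose key ID and fingerprint disagree.
sample_listing() {
  cat <<'EOF'
tru::1:1420070400:0:3:1:5
pub:u:4096:1:89ABCDEF01234567:1420070400:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::::::Alice Example <alice@example.org>:
sub:u:4096:1:FEDCBA9876543210:1420070400::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAFEDCBA9876543210:
pub:r:2048:1:1111111111111111:1420070400::::Bob Example <bob@example.org>::sc:
fpr:::::::::1111111111111111111111111111111111111111:
pub:f:2048:1:2222222222222222:1420070400:::-:::sc:
fpr:::::::::3333333333333333333333333333333333333333:
uid:f::::::::Carol Example <carol@example.org>:
EOF
}

sample_listing | party_list
```

Only lines marked `ok` belong on the printed list; the fingerprint on paper is still what each attendee confirms in person.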