Ben Finney <ben+freesoftware@benfinney.id.au> writes:
We have been discussing the idea of regular GPG keysigning parties for our group.
Thanks to everyone who participated in our first formal keysigning party at the meeting last night (2013-08-15)! You're now in possession of some number of key IDs and fingerprints, and some or all of those belong to people whose identity you have verified to your satisfaction. The URL given earlier <URL:http://keysigning.org/methods/adhoc> has information on what to do next, in order to make good on your efforts at the party. In brief: * Download, from the public keyserver network, a public key whose fingerprint you received. * Examine the key's fingerprint and verify it against the fingerprint the person gave you. * Examine the key's UIDs and verify them against the UIDs (pairs of name and email address) given to you by the person. * If you're satisfied that you've verified the person's identity and the details of their key against what you learned at the party, sign their public key with yours. (If not, no hard feelings! Try to get more information from them next time.) * Send the signed public key to the person, and/or (my recommendation) to the public keyserver network. Notify the person you've done this. A tool like ‘caff’ (installed in the package ‘signing-party’ in Debian) can step through all this for a specified set of key IDs. Lastly: * Wait to receive these notifications from other participants, and import the signed copies of your key to your keyring. * Bask in the knowledge that your public key will have an improved trail of verification worldwide :-) Please let us know how you think the key signing party went, and what we could do to improve future ones. -- \ “Even if the voices in my head are not real, they have pretty | `\ good ideas.” —anonymous | _o__) | Ben Finney