[Liverpool] Key Signing Event

Antony Bailey antony.bailey at thepoliceoftheinter.net
Fri Apr 26 09:48:36 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/13 10:03, Dan Lynch wrote:
> On 24 April 2013 23:19, Neil Bothwick <neil at stfw.net <mailto:neil at stfw.net>> wrote:
>
>     On Wed, 24 Apr 2013 22:24:38 +0100, Dan Lynch wrote:
>
>     > We had another suggestion of IPv6 but there must be some way to link
>     > them hehe :)
>
>     There is, with IPv6 your fridge can have its own GPG key :)
>
>
> Hah, good point, I hadn't thought of that. So at the moment we have a
key signing and IPv6 workshop really. Would anyone be up for doing a
very brief talk on key signing in case anyone doesn't know what it is
and what it can do for them? 10mins would be enough.
>
> Go on, you know you want to volunteer ;)
>
> Dan
>
>
> _______________________________________________
> Liverpool mailing list
> Liverpool at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/liverpool

I'm not much of a public speaker, but I can try and sum it up for you.

Anyone can use email, in fact the majority of people already do. Email
addresses are infinite and in most cases free. This leads to a
disposable nature to communication.

In addition to this email addresses can be spoofed. So that email from
your boss might not truly be from your boss.

I can register a complete online identity and establish myself. For the
majority of people they don't want to link their online persona back to
the real world. Those of us in online business and who want to establish
a validated online persona that can be linked directly to our physical
turn to methods of authenticating ourselves.

Here is were the use of PGP/GPG comes in.

You are able to digitally sign a message to prove it comes from you. Now
that's great, you can prove that the message is signed by that key. You
still need to prove that key belongs to the specific person.

To combat this we create a Web of Trust. This is where you say "I know
John and John knows Bob so I know that Bob is really Bob because John
told me so."

With key signing events what we look to have is one person to verify the
identity of another person. So say I come along and say "I'm Antony" and
I present Id such as my passport or driving licence then you can check
the photograph and see I really am who I say I am. I provide a printed
copy of my key's fingerprint which you can find by running gpg
--fingerprint myemail at adddress.com. Now that you are sure that I am me
then you sign my key by saying "I've checked that Antony is Antony and I
believe this to be true beyond doubt."

With more signatures increases the level of trust in a person's identity.

Key Signing Events/Parties don't involve the need for a computer. In
fact it is discouraged.
You simply bring paper documents to prove your identity.

I've created some forms for entering your details into that I've put up
on Github under the MIT Licence
(https://github.com/PartTimeLegend/web-of-trust-verification-forms).
Just to give it a tidier look and feel and help organise things. They
are available in most of the formats you would like to see.

Regarding IPv6 it's even simpler to explain:

IPv4 is the xxx.xxx.xxx.xxx you are used to. Whilst this was absolutely
fine 20 years ago, unfortunately today we have more devices that we have
room for on this system. The plan is to move to a alpha numberical
representation of these addresses. Unfortunately so much hardware exists
and with general inertia it's uptake has been slow. There are IPv6
proxies available such as https://www.sixxs.net.

Unfortunately unless you have the money to invest in your own IPv6
infrastructure, you will likely not see IPv6 support for a little while
longer.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRek1dAAoJENGNqDzy5QAnyKEIAMbOn93SAdwAxnmKqQs3TVkp
qsnLS69X2e7Wl0niJ05GzKBmvUznNrqJiffkICiadbjhN1z+Kqmvol9qSYFDfWcR
8SMNiNu77+X8ZWgJ+6FfDxLFIcZNv9kIRBjCQEcEuW1Cnbd65r8cDQYH86+zWkrX
McKyiBIZkokK5qDDvdKMsSMHa3UOJHZPxd0dmcvlFT43tJ5vcdUtJul/9gEhZYvF
rq6y2bsEIz1ocAY4M8yMZ3JNAUNiY3RljfTj/5fOM3gXe3f0ghXxTIOsiKtqTUwL
UPAcw9CD9RAIVj3K/DZM3tF0bv+cyrXhaxrYEP9lA5KFVwK5hCG02pDCb2Rbrqg=
=QEJo
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/liverpool/attachments/20130426/e43a494d/attachment.html>

More information about the Liverpool mailing list