The aim of this Workshop is to strengthen the Web of Trust by signing OpenPGP keys of other people and receiving signatures from others.
We will use the Zimmermann-Sassaman key-signing-protocol (Don't forget to bring your government-issued ID, with photo!)
Before the Party
Send me ([mailto:firstname.lastname@example.org email@example.com]) an e-mail with your public key before Dec 23rd 20:00. Later that evening you will receive a list with all keys. Please check the hashes of that list print it out and write down the hashes. Check also if the fingerprint of your key is correct. To make the Email small, you may use
gpg --export-options export-minimal -a --export KeyId
Notice: Due to the lack of printers on the congress in the last years, the deadline for sending me your public key is Dec 23rd, 20:00 UTC+1. I will send the list a few hours later. This allows everyone to print the list at home before travelling to Hamburg.
During the Party
Everyone brings their own printout of the list I mailed you before. We will check the hashes at the beginning of the event. The list has two checkboxes for every key on it. Each participants verifies and state that their key is correct. You mark one checkbox on every key that is stated as correct. Once all keys are checked, we will form a line and show each other our government-issued ID. For every participant whose ID you check and find sufficiently authentic you mark the second checkbox of the corresponding key.
Important: You decide your own signing policy. Don't bother if your neighbour comes to another decision than you whether to trust the ID of a person or not. Some people have stronger requirements than others. But as a rule of thumb: Do not only check the photo of the ID, but also the name of the person. Data on the ID can vary widely depending on the type of the ID and the issuing country, so it's absolutely up to you which datas you want to check.
Datas you may find and want to check can include:
- Date of birth (ask the person and check on the ID)
- Eye color
- Expiration date
- Security features (look here for the
After the Party
The signing itself you do at home, on your own secure computer.