IETF PGP Key Signing Party We will be holding a PGP Key signing party at the IETF meeting in San Diego. We have been scheduled to meet at 10:30pm on the evening of Wednesday, December 13, 2000 in the Marina 6. The procedure we will use is the following: o People who wish to participate should email an ASCII extract of their PGP public key to by noon on Wednesday, December 13, 2000. Please include a subject line of "IETF PGP KEY", and please avoid MIME-encrypting your e-mail. (I will be running the emacs RMAIL file through PGP, and PGP-keys that are base-64 encoded will get ignored unless I take manual action to fix things, which I will try to do but make no guarantees about doing.) The method of generating the ASCII extract under Unix is: pgp -kxa my_email_address mykey.asc (pgp 2.6.2) pgpk -xa my_email_address > mykey.asc (pgp 5.x) gpg --export -a my_email_address > mykey.asc (gpg) If you're using Windows or Macintosh, hopefully it will be Intuitively Obvious (tm) using the GUI interface how to generate an ASCII armored key that begins "-----BEGIN PGP PUBLIC KEY BLOCK-----". o By 6pm on Wednesday, you will be able to fetch complete key ring from the following URL with all of the keys that were submitted: http://web.mit.edu/tytso/www/ietf.pgp o At 10:30pm, come prepared with the PGP Key fingerprint of your PGP public key; we will have handouts with all of the key fingerprints of the keys that people have mailed in. o In turn, readers at the front of the room will recite people's keys; as your key fingerprint is read, stand up, and at the end of reading of your PGP key fingerprint, acknowledge that the fingerprint as read was correct. o Later that evening, or perhaps when you get home, you can sign the keys corresponding to the fingerprints which you were able to verify on the handout; note that it is advisable that you only sign keys of people when you have personal knowledge that the person who stood up during the reading of his/her fingerprint really is the person which he/she claimed to be. o Submit the keys you have signed to the PGP keyservers. A good one to use is the one at MIT: simply send mail containing the ascii armored version of your PGP public key to . Note that you don't have to have a laptop with you; if you don't have any locally trusted computing resources during the key signing party, you can make notes on the handout, and then take the handout home and sign the keys later.