The aim of this Workshop is to strengthen the Web of Trust by signing OpenPGP keys of other people and receiving signatures from others.
We will use the Zimmermann-Sassaman key-signing-protocol (Don't forget to bring your government-issued ID, with photo!)
Send me ([mailto:timhaga@ebene6.org timhaga@ebene6.org]) an e-mail with your public key before Dec 23rd 20:00. Later that evening you will receive a list with all keys. Please check the hashes of that list print it out and write down the hashes. Check also if the fingerprint of your key is correct. To make the Email small, you may use
gpg --export-options export-minimal -a --export KeyId
.
Notice: Due to the lack of printers on the congress in the last years, the deadline for sending me your public key is Dec 23rd, 20:00 UTC+1. I will send the list a few hours later. This allows everyone to print the list at home before travelling to Hamburg.
Everyone brings their own printout of the list I mailed you before. We will check the hashes at the beginning of the event. The list has two checkboxes for every key on it. Each participants verifies and state that their key is correct. You mark one checkbox on every key that is stated as correct. Once all keys are checked, we will form a line and show each other our government-issued ID. For every participant whose ID you check and find sufficiently authentic you mark the second checkbox of the corresponding key.
Important: You decide your own signing policy. Don't bother if your neighbour comes to another decision than you whether to trust the ID of a person or not. Some people have stronger requirements than others. But as a rule of thumb: Do not only check the photo of the ID, but also the name of the person. Data on the ID can vary widely depending on the type of the ID and the issuing country, so it's absolutely up to you which datas you want to check.
Datas you may find and want to check can include:
security features of the german Personalausweis and here for other identity documents from many european countries)
The signing itself you do at home, on your own secure computer.