Boston Linux Meeting reminder Wednesday, September 20, 2017 - Bill's annual crypto talk and PGP/GnuPG Keysigning Party XVII

Jerry Feldman gaf at blu.org
Tue Sep 19 08:47:41 EDT 2017


When:  September 20, 2017 8PM (7:30PM for Q&A)
Topic: Bill's annual crypto talk and PGP/GnuPG Keysigning Party XVII
Moderators: Bill Ricker
Location: MIT Building E-51, Room 315
*** Note new Time ****
As a result of the new MIT parking regulations, we will be holding our 
meetings later than usual. There should be plenty of metered parking 
available. In Cambridge the meters are free after 8PM. See parking note 
below.

Summary:

  Bill's annual crypto talk, plus our annual PGP keysigning party. 
Register your key in advance to participate!

PGP keysigning party. Register your key in advance to participate!


Abstract:

Crypto News Review
Annual Historical Vignette

Re Keys for Key-signing, we should announce (in addition to what we've
said before)

* We will NO LONGER sign RSA or DSA 1024b keys (or shorter). Obsolete.
* We will NOT sign RSA 2048b keys without expiration dates or
expiration dates beyond 2020.
* Use RSA 4096 for gpg2 --gen-key

Notes
* If concerned about well-capitalized massive factoring dictionaries,
subtract a small multiple of 8 bits to get a size that is not standard
and thus won't be dictionaried.
* Alas the one trustworthy ECC curve,  ed25519, is supported only in
GPG 2.1.7+ (gpg2)
only with developer version of a library and in experimental mode.
* But do start using ed25519 for efficiency and security with any SSH
servers updated to handle it
  ssh-keygen -a 100 -t ed25519 # EdDSA Twisted Edward curves.

We hold our annual keysigning party.

A key signing party is a get-together of people who use the PGP 
encryption system with the purpose of allowing those people to sign each 
others keys. Key signing parties serve to extend the web of trust to a 
great degree. Key signing parties also serve as great opportunities to 
discuss the political and social issues surrounding strong cryptography, 
individual liberties, individual sovereignty, and even implementing 
encryption technologies or perhaps future work on free encryption software.

The basic workflow of signing someone's key is as follows:

Verify that the person actually is who they claim to be;
Have them verify their key ID and fingerprint;
Sign their key;
Send the signed key back to them

At the meeting, we go through the first two steps. Each person who 
preregistered their key will announce their presence and then read off 
their key ID and fingerprint, so everyone can verify that their copy of 
the list of keys is correct. Once we've run down the list, we line up, 
and each of us examines everyone else's photo IDs to verify that they 
are who they claim to be. After the meeting is over, each participant 
can then retrieve the keys that they've personally verified, sign those 
keys, and send the signed keys back to their respective owners.

In order to complete the keysigning in the allotted time, we follow a 
formal procedure as seen in V. Alex Brennen's “GnuPG Keysigning Party 
HOWTO”, attached below. It is strongly advised that if you have not been 
to a keysigning party before, you read this document. We're using the 
List-based method for this keysigning party, and the keyserver at 
subkeys.pgp.net.

It is essential that, before the meeting, you register on the signup 
form listed in the attachments. You should bring at least one picture ID 
with you. You must also bring your own printout of the report on that 
page, so you can check off the names/keys of the people you have 
personally verified.

The list will be printed on Wednesday afternoon, the day of the meeting; 
be sure to register your key for the keysigning before that. The 
official cutoff time is 3:00 pm.

BLU keysigning Registration :
http://blu.org/keysignings/keypartyregister.php

GnuPG Keysigning Party HOWTO:
https://herrons.com/keysigning-party-guide/

GNU Privacy Guard: https://www.gnupg.org/

For further information and directions please consult the BLU Web site
http://www.blu.org
*** Parking Notice *** *** MIT just changed to new parking regulations ***
Parking at MIT without a Permit
MIT parking permits are required for all vehicles on MIT property.
Vehicles without MIT parking permits parked in any MIT parking area will 
be subject to ticketing or towing. ​

After Hours
Anyone with a valid MIT parking permit can park his/her vehicle in any 
parking facility on campus after 2:30 PM, Monday through Friday, and all 
day on weekends and MIT holidays. Please note that parking is only 
allowed in spots that are not otherwise reserved.

​Change here is that permits for any lot now valid in all lots after 
2:30; previously permits were not required per website after 5 and in 
reality after 3, but now no. Parking is at risk. Cambridge meters and 
the pay lots and garages are the only safe options. Note also that 
Cambridge meters in the Kendall area. The Passport app is only usable in 
Harvard Sq.

Parking meters are free after 8PM. before that they cost $1.25/Hr, and 
only take quarters.


After the meeting we will adjourn to the official after meeting meeting
location at The Cambridge Brewing Company
http://www.cambridgebrewingcompany.com/


For further information and directions please consult the BLU Web site
http://www.blu.org
Please note that there is usually plenty of free parking in the E-51
parking lot at 2 Amherst St, or directly on Amherst St.

After the meeting we will adjourn to the official after meeting meeting
location at The Cambridge Brewing Company
http://www.cambridgebrewingcompany.com/

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
































































More information about the Announce mailing list