[BLU/Officers] Problem warning Re: Boston Linux ... our annual PGP/GnuPG Key-Signing Party

Wed Sep 19 17:07:57 EDT 2018

Please note in the instructions, we indicated that RSA 2048 is only
acceptable with expiration date of 2020 or sooner.
  > 3k and now >= 4k have been recommendations for some time;
we include  RSA2048 in web of trust currently only for migration purposes.
(E.g., sign a new key with an old key, set to expire 2020, and sign others'
with both.)

Pursuant to that policy statement, I will not recommend signing of your
2030 expiration date RSA2048.
(Folks may choose to disregard my advice.)

You may sign others' keys after participating tonight, and if you do so
with both your old key and a new key longer key signed by  your old key,
they can choose to sign the new key.

pub   rsa2048/7493DAEC 2018-05-05 [SCA] [expires: 2030-05-05]
uid         [ unknown] James R. Doyle <rockymtnmagic at gmail.com>
sub   rsa2048/2408FE78 2018-05-05 [E] [expires: 2030-05-05]

// Bill

On Tue, Sep 18, 2018 at 10:31 AM Jerry Feldman <gaf at blu.org> wrote:

> When: September 19, 2018 7:00PM (6:30PM for Q&A)
> Topic: Crypto News, plus our annual PGP/GnuPG Key-Signing Party
> Moderator: Bill Ricker
> Location: MIT Building E-51, Room 335
>
>
> Please note that Wadsworth St is open from Memorial Drive to Amherst St,
> but is closed between Amherst St to Main St. See the ling below for
> additional details.
> https://courbanize.com/projects/mit-kendall-square/updates
>
> Summary:
>
> Bill's annual crypto talk, PGP keysigning party. Register your key in
> advance to participate!
>
> Abstract:
> Bill reviews recent crypto news from the past year, and some crypto
> history.
>
> Cryptography News Highlights since the last year; e.g.,
> top named vulnerabilities
> preparing for post-Quantum cryptography
> books on Eliz. S. Friedman released (wrto Hidden Figures)
>
> The history portion may    include    horse farms, pumpkin patches, IBM
> punch-card accounting, and catching atom spies; or the Hidden Figures
> book connections; or something else entirely.
>
> Following Bill's presentation, we hold our annual keysigning party.
>
> ------------------------ Additional information from Bill
>
> * We will NO LONGER sign RSA or DSA 1024b keys (or shorter). Obsolete.
> * We will NOT sign RSA 2048b keys without expiration dates
> or with expiration dates beyond 2020.
> * Use RSA 4096 or ed25519 for gpg2 --gen-key
>
> Notes
> * If concerned about well-capitalized massive factoring dictionaries,
> subtract a small multiple of 8 bits to get a size that is not standard
> and thus won't be dictionaried.
> * Alas the one trustworthy ECC curve,  ed25519, is supported only in
> GPG 2.1.7+ (gpg2), but if you have recent Ubuntu you you can use it now.
>   See https://nickhu.co.uk/posts/2016-09-03-curvy-gpg/
> <https://nickhu.co.uk/posts/2016-09-03-curvy-gpg/> for instructions
> GPG2 gives a warning that it's not yet standardized so i'm considering
> it still somewhat expriemental ... i'm going to try a 10y expiring on this
>
>
> ———————-
>
> A key signing party is a get-together of people who use the PGP
> encryption system with the purpose of allowing those people to sign each
> others keys. Key signing parties serve to extend the web of trust to a
> great degree. Key signing parties also serve as great opportunities to
> discuss the political and social issues surrounding strong cryptography,
> individual liberties, individual sovereignty, and even implementing
> encryption technologies or perhaps future work on free encryption software.
>
> The basic workflow of signing someone's key is as follows:
>
> Verify that the person actually is who they claim to be;
> Have them verify their key ID and fingerprint;
> Sign their key;
> Send the signed key back to them
>
> At the meeting, we go through the first two steps. Each person who
> preregistered their key will announce their presence and then read off
> their key ID and fingerprint, so everyone can verify that their copy of
> the list of keys is correct. Once we've run down the list, we line up,
> and each of us examines everyone else's photo IDs to verify that they
> are who they claim to be. After the meeting is over, each participant
> can then retrieve the keys that they've personally verified, sign those
> keys, and send the signed keys back to their respective owners.
>
> In order to complete the keysigning in the allotted time, we follow a
> formal procedure as seen in V. Alex Brennen's “GnuPG Keysigning Party
> HOWTO”:
> https://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
> .
> It is strongly advised that if you have not been to a keysigning party
> before, you read this document: http://blu.org/keysignings/. We're using
> the List-based method for this keysigning party, and the keyserver at
> subkeys.pgp.net.
>
>
> It is essential that, before the meeting, you register on the signup
> form listed in the attachments. You should bring at least one picture ID
> with you. You must also bring your own printout of the report on that
> page, so you can check off the names/keys of the people you have
> personally verified.
>
> The list will be printed on Wednesday afternoon, the day of the meeting;
> be sure to register your key for the keysigning before that. The
> official cutoff time is 3:00 pm.
>
>
> For further information and directions please consult the BLU Web site
> http://www.blu.org
>
> Parking:
> MIT lots require permits after hours.
> All Cambridge parking meters use Passport by Phone:
> https://www.cambridgema.gov/traffic/Parking/paybyphone
> This is active on all Cambridge metered parking spaces. Meters are free
> after 8PM
>
> For further information and directions please consult the BLU Web site
> http://www.blu.org
>
> --
> Jerry Feldman <gaf at blu.org>
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Announce mailing list
> Announce at blu.org
> http://lists.blu.org/mailman/listinfo/announce
>

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.blu.org/pipermail/officers/attachments/20180919/a5b47e83/attachment.html>