lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <50387307.9070001@kernel.org>
Date:	Fri, 24 Aug 2012 23:39:03 -0700
From:	Konstantin Ryabitsev <mricon@...nel.org>
To:	ksummit-2012-discuss@...ts.linux-foundation.org,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Pubring and instructions for the KS 2012 keysigning

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, all:

I collected 46 keys from 40 people interested in keysigning at the
Kernel Summit. I have uploaded the fingerprints and the pubring to the
following locations:

https://www.kernel.org/ks2012-fingerprints.txt
https://www.kernel.org/ks2012-pubring.gpg

This is the sha256sum of the pubring:
bbb816d955c3939c72985175b0ea4f8781662f70d8a0fa9b0985391403a0fe79

You can import the pubring using "gpg --import" command.

WARNING: just in case someone jumps the gun -- these fingerprints were
taken at "face value". I DID NO VERIFICATION WHATSOEVER whether these
keys belong to the actual people. DO NOT sign any of these keys
without the verification procedure at the Kernel Summit. My GPG
signature on this email is in no way an endorsement of these keys.

Here's how the procedure will play out:

1. Before lunch on Wednesday, I will take 5 minutes of your time to
introduce myself and to recite the sha256sum of the pubring available
for download from the link above. People with laptops capable of
downloading the pubring and running "sha256sum" (should be about 95%
of the audience, I think) can validate whether the hash verifies.
2. I will also make available printed worksheets with people's names
and key fingerprints (or print your own -- see attached).
3. If you are willing to sign people's keys, please obtain from me a
copy of the worksheet, a short pencil, and a stylish sticker [*]:
   a. Affix the stylish sicker to your KS badge to indicate that
you're willing to sign keys.
   b. Fold the worksheet and keep it in your KS badge. [**]
   c. Keep the brass lantern^W^W short pencil in your badge, too.
4. During lunch and later during the day, if someone approaches you
and asks to sign their key:
   a. Keep calm.
   b. Locate their name on the worksheet.
   c. Ask to see some government-issued ID to verify their identity.
   d. Alternatively, ask personal/kernel-related questions which only
that person would be able to answer (see Harry Potter books 6 and 7).
5. If you are comfortable in asserting that the person asking your
signature is who they say they are, put an "X" next to their name on
the worksheet using the pencil provided (or an alternative writing
utensil should there be a dearth of pencils).
6. When you get back to your laptop, run "gpg --sign-key [keyid]" for
all the people marked "X" on your worksheet. The key id is the last 8
chars of the fingerprint smushed together. [***] If a person has
multiple fingerprints, sign all their keys.
7. Lastly, do "gpg --send-keys [keyid]" to upload the newly signed key
to the keyservers.


.. [*] what will be on the stickers remains to be established.
.. [**] assuming it's not a fully laminated badge without openings.
.. [***] This assumes you ran "gpg --import ks2012-pubring.gpg" prior.


If you have any questions, please let me know.

Best,
- -- 
Konstantin Ryabitsev
Systems Administrator
Linux Foundation, kernel.org
Montréal, Québec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGcBAEBAgAGBQJQOHMDAAoJEI6WedmufEle5RUL/jYf3ldhvaokFEVxaNmclLqe
RHbqO2jpxho+nkRwDvHRIdr4NGvvRsD2JQFPkR86qDpp9oASQ/gG+SaanL4sDBrh
Q+6nJwRKMSulIauWlnS5fP9jGw/ye0RT2Q6nNP/yCSYxxhe+vImmObN1AtzfTtfs
/U5MQf0iCla/kvyS1Qv5DVw4IGdm+e3KHWCBQG8qh0aahnq4tmaYdv4vjI0ZJ35n
otUzQOpiDKQBfbMaE3Gl9xrAbKNUvtdPA4GOjo2MhDCZeqDLLYGtDK4gr4zUJt9p
gHdVG4KQxkulKW/6TTIJTfBbEL86UnRWaO/8T9+vxovecrkowfIWKj9LeK1bbczp
6C2FVRq6dWEh7fhOFQo/CPFLVBqb+volIFcHOYWmUDmrgGUAVw9BqyWEJE+hKMLs
u6cuUZCNEpEsFqye4hNuC3OkJ19jVKr1wtmOAt7XxedskPGOAdnDtbe7/ElWmEtG
HpAwOwX1OX62L/YrNTTky6Zg1czzQPaJxLvOysfwrQ==
=/bJM
-----END PGP SIGNATURE-----

Download attachment "ks2012-worksheet.pdf" of type "application/pdf" (62187 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ