Re: [Debconf-discuss] KSP post-mortem: why I won't be able to sign some keys
On Wed, May 24, 2006 at 01:27:35PM -0500, David Moreno Garza wrote:
> b) If people don't bring the printouts verified at home previously,
> they couldn't attend the KSP.
You do not need to trust the printouts at all. I got Anibal-printed
printouts, and that's not a problem, because:
- I verified with the KSP file whether my own fingerprint was correct,
and then visually verified that the md5sum was identical to the one on
my printout
- I verified whether the md5 on the printout was the same as the one
read aloud
- I wrote down the md5sum of the additional list that was read aloud.
When I'm going to sign keys, I'll not use the printout for anything else
than to see what names I want to sign keys of. I'm going to sign the
fingerprints (taken from the file with the md5sum I know) that
correspond to names that I verified identities of. By doing so, I can
even automate the process and be done with it within half an hour of
work, like last year.
--Jeroen
--
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply to: