On Fri, Jul 02, 2010 at 10:15:07AM +0000, Anibal Monsalve Salazar wrote:
>As part of the 11th Debian Conference in New York City, USA, there will
>be OpenPGP (pgp/gpg) keysignings. If you intend to participate in the
>DebConf10 keysignings, please send your ascii armored public key as
>explained at [0] no later than Tuesday 20th of July, 2010 at 23:59 UTC.
>
>More (and up-to-date) information is available at [0], so keep watching
>it.
>
>[0] http://people.debian.org/~anibal/ksp-dc10/ksp-dc10.html

I've added a link to micah's webpage, see micah's message below. It was
from the Debconf10-localteam mailing list. I've Bcc-ed all people
involved.

On Mon, Jul 05, 2010 at 12:06:49PM -0400, micah anderson wrote:
>On Wed, 30 Jun 2010 14:27:12 +1000, Aníbal Monsalve Salazar wrote:
>>On Tue, Jun 08, 2010 at 10:42:23AM -0400, Daniel Kahn Gillmor wrote:
>>>Subject: Re: [Debconf10-localteam] DebConf10 Keysigning-Party
>>>
>>>I agree with Jonathan McDowell that 2K RSA keys should be entirely
>>>sufficient.
>>>
>>>If we want to make limitations based on cryptographic algorithms,
>>>formats, bitlengths, etc today, i'd say (in order of preference):
>>>
>>>* Keys must be OpenPGPv4
>>>* Primary keys should be DSA-2 or RSA, 2048 bits or more. (RSA
>>>  preferred?)
>>>* self-signatures must not use MD5
>>>* self-signatures must not use SHA1
>>>* stated digest algorithm preferences must include at least one member
>>>  of the SHA-2 family at a higher priority than both MD5 and SHA1
>>>* primary keys should have a reasonable expiration date (no more than 5
>>>  years in the future)
>>>* users should assert that they have control over a revocation
>>>  certificate that they can and will use should they lose control of
>>>  the key (i don't know of a way to indicate this at the moment, but it
>>>  would be nice to know).
>>>* users should assert that they regularly refresh their keyrings from
>>>  the keyservers, so that revocations and updates to expirations are
>>>  fetched promptly.
>>>
>>>Any other suggestions? Note that i'm not proposing we actually have to
>>>do all of these checks for this keysigning, i'm just enumerating
>>>worthwhile goals that we probably want to encourage.
>>
>>I'll post an announcement including dkg's suggestions to
>>debian-devel-announce this arvo/evening.
>
>I hashed out some manual mechanisms for determining the different
>criteria above, and put them on an incomplete web page:
>
>https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks
>
>Feel free to steal anything from there.
>
>micah

Thank you!
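Several of the criteria quoted above can be checked mechanically: key algorithm and size, OpenPGP v4 (inferred from a 160-bit fingerprint), expiration within five years, and a SHA-2 digest ranked ahead of MD5 and SHA1. The following is an added example, not part of the original thread or of micah's page. It assumes the colon-delimited listing of GnuPG 2.x (`gpg --with-colons --fingerprint`, epoch timestamps) and a preference line in the terse form printed by the `pref` command of `gpg --edit-key`; the function names and the sample key are constructed.

```python
import time

SHA2 = {8, 9, 10, 11}   # RFC 4880 hash ids: SHA256, SHA384, SHA512, SHA224
WEAK = {1, 2}           # MD5, SHA1
ALGOS = {1, 17}         # RFC 4880 public-key ids: RSA, DSA
FIVE_YEARS = 5 * 366 * 86400  # generous bound, in seconds

def sha2_preferred(pref_line):
    """True if a SHA-2 digest is listed ahead of any listed MD5/SHA1."""
    for tok in pref_line.split():
        if tok[0] == "H" and tok[1:].isdigit():
            if int(tok[1:]) in SHA2:
                return True
            if int(tok[1:]) in WEAK:
                return False
    return False  # no SHA-2 digest listed at all

def check_key(listing, pref_line, now=None):
    """Return findings for one key; an empty list means every check passed."""
    now = int(time.time()) if now is None else now
    pub = fpr = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and pub is None:
            pub = f
        elif f[0] == "fpr" and fpr is None:
            fpr = f[9]          # first fpr record belongs to the primary key
    if pub is None:
        return ["no pub record"]
    findings = []
    if fpr is None or len(fpr) != 40:
        findings.append("no 160-bit fingerprint, so not an OpenPGP v4 key")
    if int(pub[3]) not in ALGOS or int(pub[2]) < 2048:
        findings.append("primary key is not RSA/DSA with 2048 bits or more")
    if not pub[6]:
        findings.append("primary key has no expiration date")
    elif int(pub[6]) - now > FIVE_YEARS:
        findings.append("expiration is more than 5 years away")
    if not sha2_preferred(pref_line):
        findings.append("no SHA-2 digest preferred over MD5 and SHA1")
    return findings

# Constructed sample (not a real key): 4096-bit RSA, expires two years after creation.
SAMPLE = """pub:u:4096:1:DDDD4444EEEE5555:1278000000:1341072000::u:::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
uid:u::::1278000000::::Constructed User <user@example.org>:"""
SAMPLE_PREFS = "S9 S8 S7 H8 H9 H10 H2 Z2 Z1 [mdc]"

if __name__ == "__main__":
    print(check_key(SAMPLE, SAMPLE_PREFS, now=1278000000) or "all checks passed")
```

The self-signature digest checks (no MD5, no SHA1) and the two assertions about revocation certificates and keyring refreshes are not covered by this sketch.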