Signing-party and crypto conference in Paris
- Content: explanations about cryptography, SSL and PGP, then signing-party
- Location: EPN la Bourdonnais, 105 avenue de la Bourdonnais, 75007 Paris
- Date: 2012-05-21 18:45+02:00
- Duration: 02:15
Monday 21st during at 18:45, in Paris, there will be a conference organized by Parinux, where I will explain the principles of cryptography and their application in the SSL and PGP systems. This conference will be followed at 20:30 by a signing-party PGP et CAcert.
For the signing-party, I will ask participants to:
- generate a key pair if you do not already have one;
- send me you public key and register;
- print some copies of your key fingerprint;
- print the list of participants I will send you;
- come with all that stuff and one or two identity documents.
This is a partial translation of the full article I wrote in French, in case foreigners could attend. Sorry for the very late notice…
Signing-party et conférence crypto
Classified in : Homepage, Auto-hébergement, Debian-FR, Libre, April
- Contenu : explications sur la cryptographie, SSL et PGP puis signing-party
- Lieu : EPN la Bourdonnais, 105 avenue de la Bourdonnais, 75007 Paris
- Date : 2012-05-21 18:45+02:00
- Durée : 02:15
Le lundi 21 mai au soir, à Paris, se tiendra une conférence organisée par Parinux, où j'expliquerai les principes de base de la cryptographie et leur application dans les systèmes SSL et PGP. Cette conférence sera suivie par une signing-party PGP et CAcert.
Pour le déroulement de la signing-party, je vous demanderai de :
- générer un paire de clefs si vous n'en avez pas déjà une ;
- m'envoyer votre clef publique et vous inscrire ;
- imprimer quelques exemplaires de votre empreinte de clef ;
- imprimer la liste des participants que je vous enverrai ;
- venir munis de tout cela ainsi que d'un stylo et d'une ou deux pièce d'identité.
PGP signatures with trust and verification level
Classified in : Homepage, Debian, To remember
Identity checks and trust
The OpenPGP web of trust is composed of keys linked to each other by two things:
- identity checks: signing a key means that you verified the link between a key with user IDs, an official identity document with a photograph, and a person with a face;
- trust: on your public key ring, you manually decide who you trust to correctly check other people's identity.
With these two pieces of information, GnuPG is able to determine whether or not the key of someone you never met can trusted to belong to its alleged owner.
Signatures
Signing a key is usually a binary action: either you sign it or you do not sign it. Thus your signature on a key will give other people a rough identity check information and no trust information at all.
In fact, the OpenPGP standard does allow to publish precise identity check and trust information on signatures, but unfortunately this is now enabled with GnuPG by default. These features are called certification level and trust signatures.
previous page 2 of 2