PGP key validation at Cocoon GetTogethers
How it works
The GT is a good occasion to verify each other's PGP key.
- Ensure your fingerprint is at a keyserver (See http://pgp.mit.edu/) for details.
- Before the day of the event, add your fingerprint and email on this page, i.e. add the output of:
{{{gpg --fingerprint yourself@apache.org or
pgpk -ll yourself@apache.org
}}} - At the event, we will print out copies of this page for everyone (on plain old paper!).
- Whenever you meet (or at a special keysigning time) someone who is on the list, then you can each verify with each other that *your key* on *their printout* is correct. Or in other words, that their printout really matches your key.
- It is important to be sure that it is the correct person (the easiest way is to view their passport). You also need to estimate how much you trust that person to be diligent with following the proper procedure.
- Then you can each mark the relevant name on your printed list.
- Once you get home, you can add/sign each of the fingerprints that you have made a mark against, after you have fetched them from the keyserver.
- Do not just automatically sign everyone on the list without proper verification. You must assert each identity.
Other resources
- The GNU Privacy Handbook http://www.gnupg.org/gph/en/manual.html
- Portrayals of the web of trust http://www.apache.org/~henkp/trust/apache.html and http://www.apache.org/~erikabele/tools/wot/wot.html
- For Apache committers there is a full explanation at cvs://committers/docs/pgp-key-signing.txt
Key fingerprints
pub 1024R/EC140B81 1997-04-10 Dirk-Willem van Gulik <dirkx@apache.org> Key fingerprint = A5 EC 78 D5 BB DE FE ED 50 55 DA 6D C6 E0 E7 85
pub 1024D/015AFC8A 2004-06-18 Bertrand Delacretaz <bdelacretaz@apache.org>
Key fingerprint = 9E2F 96C6 40A0 731D 93BF 548E 37F6 8FF5 015A FC8A
uid Bertrand Delacretaz <bdelacretaz@codeconsult.ch>
sub 2048g/AC136A02 2004-06-18
pub 1024D/7C200941 2004-04-24 Torsten Curdt tcurdt at apache.org
Key fingerprint = 3909 C287 9232 7FAD 3810 0EAF 0463 3A57 7C20 0941
uid Torsten Curdt tcurdt at vafer.org
uid Torsten Curdt tcurdt at web.de
uid Torsten Curdt tcurdt at managesoft.com
sub 1024g/87C5307C 2004-04-24
pub 1024D/C4C57B42 2000-09-21 Marcus Crafter <crafterm@debian.org>
Key fingerprint = E253 3B81 9C92 9129 FA40 9BFD 394D 2FE3 C4C5 7B42
uid Marcus Crafter <crafterm@apache.org>
uid Marcus Crafter <crafterm@managesoft.com>
uid Marcus Crafter <Marcus.Crafter@osa.de>
uid Marcus Crafter <Marcus.Crafter@managesoft.com>
sub 1024g/E3EB8E69 2000-09-21 [expires: 2005-06-20]
pub 1024D/0F341C75 2004-08-16 Jon Evans jon.evans AT pobox.com
Key fingerprint = 4E36 6BF7 A628 83DF BF3C 466E 8D3B 625E 0F34 1C75
sub 1024g/D89D1FA5 2004-08-16 [expires: 2008-08-15]
pub 1024D/E2D774DF 2004-10-09 Sylvain Wallez <sylvain@apache.org>
Key fingerprint = E866 62A9 D259 55DF 2DDC BB19 C9B5 A6EC E2D7 74DF
sub 2048g/010F3A26 2004-10-09
pub 1024D/E41EDC7E 2003-09-26 Carsten Ziegeler <cziegeler@apache.org>
Key fingerprint = 0217 52BC CC56 7AAA A0D3 3A36 132E 49D4 E41E DC7E
sub 1024g/0F6ED732 2003-09-26
pub 1024D/675C1389 2004-10-09 Christian Haul <haul@apache.org>
Key fingerprint = CD1D A1C8 EDAB 5EFC 364D B06E A715 6ABE 675C 1389
sub 2048g/55F4F68E 2004-10-09 [expires: 2008-10-08]
pub 1024D/2BF3F720 2003-09-02
Key fingerprint = 00C1 DDA6 966D 1619 375B AC2E E36F 6012 2BF3 F720
uid Vadim Gritsenko (CODE SIGNING KEY) <vgritsenko@apache.org>