Hello, party people. This is the DebConf 14 OpenPGP key signing party. So, I'm DKG. This is Anibal. I want to welcome everybody here. We're going to be passing around two decks of cards. Each deck needs to go across the entire room. You'll get a deck coming in a different direction. Make sure you get the top blue card when the deck hits you and the top red card when the deck hits you. I'll explain what's going on with that later. Just make sure that you pass it so that everybody manages to get one of each card. What do I need to do to break the system? I'm not going to tell you. It's okay if people know what your card is. You don't have to hide the card. And I'm not going to do any sort of magic trick guessing thing. Everybody check that you still have your watch off. So, we're going to start with a little overview about what we're doing here and why we're doing it. And then a little bit of technical detail. And then we'll go ahead with the actual program. You're going to read the hash at some point, right? Yes, we are going to read the hash at some point. So, I recognize that there are some people who are here who have done key signing parties many, many times before. And I suspect that there are some people here who have never done a key signing party ever. So, there's going to be some explanation. I want to encourage people to ask questions if you're not sure why something is useful or why something might happen. I don't think we have time to go into all of the possibilities about what could be done or specific tools to use for every single thing. But, question. Yes, I will speak more slowly. We also have a microphone. We have a microphone for the people with questions in the audience, I think. Anibal has it. So, if you want to ask a question, please raise your hand and wait until you get the microphone to ask the question. Why are we taking a card and passing the rest down? We'll get to that. I promise. Okay. 
So, primarily what we're trying to do here is to meet each other and to establish connections with each other so that we can continue to have those connections in a secure fashion over the internet in the future. We're establishing the identity of other people who work on the project, getting to know who they are and making sure that we have a secure way that we can communicate offline. So, we're bootstrapping the online communication from this offline meetup. So, that's the purpose of a key signing party. So, many of the people who are here probably sent an email to Anibal with their key and asked for it to be included in the key signing party and that's great if you did that. With the public part of your key, yes, not the private part. I'm sure that there are several people here, if not many people here, who did not get an email to Anibal and that's also okay. So, there are some things that are going to be more convenient for the people who have sent their key to Anibal earlier but if you do not do that, you can still participate. It'll just be a little bit less convenient for you. So, yeah, sorry, for people who came in late, there are two decks of cards going around, a blue deck and a red deck and everyone should get the top card from each deck when it passes. So, make sure you have a blue card and a red card. We'll get to that. So, part of meeting people is knowing who people are. There are some open seats up here if the lurker's in the back when it comes down. But part of it is the cryptographic part is that we want to verify people's fingerprints. So, the fingerprint is a marker for your public key. It is very difficult to forge a fingerprint that matches your fingerprint and normally if you're doing a pair-wise fingerprint verification, then both parties have to read to each other a relatively long string of hexadecimal characters and verify that from the other person. That's kind of a boring task. We're also not very good at it as humans. 
So, sending the keys earlier, we're going to avoid having to do that many pair-wise fingerprint matches by, as a group, we're going to take a list of all of the fingerprints that everybody has submitted and we're going to collectively verify that we all got that same list and that way when you meet someone whose key was on that list, you'll be able to go, you'll be able to say to that person, oh, I had the same fingerprint hash that you did when we looked at the big list and my key was number 28 and then you can look at the list and you say, oh, it's number 28 and now you've got the file, you've got the fingerprint, you can just work with that. So, the advantage is that everybody verifies one big fingerprint and then we can work with our tools to do the signing afterwards. Does that make sense as to why the process is set up that way? If you did not. So, the steps I have here is everyone has the big list and if you don't have it yet, you can fetch it from there, which may or may not be man-in-the-middled, and then we're going to take a digest of the big list and then we're going to, so we'll compare the digest and the other thing, no, not those. They've run out of red cards, wow, all right. Uh-oh, really? How many people do? Well, no, because that's going to put everybody in the same boat here. All right, so if you didn't get a card, then look at your neighbor to your left and note their red card and look at your neighbor to your right and note their blue card and that's yours. I have the last blue card, so these two rows don't have blue cards. Sorry, initially, when everyone was here at the start of the talk, there were fewer than 80 people in the room and now there are more than 80 people in the room and I apologize that I didn't expect so many people to come in after the talk started. If you came in after the talk started, you're going to choose randomly about the cards later. Sorry, it doesn't work to give out these cards now. Not if you don't have a card. 
So the critical thing here is that when you look at this list, it's not just about having the group consensus about what the digest is on that list. You also have to verify that your fingerprint on that list is your fingerprint. So if we all agree on the collective digest, but your fingerprint has changed, Johnny Ball was the one who made the list and then it got transmitted over clear text HTTP, make sure that your fingerprint is the right one. If you're not in the list, and I'm sure many people aren't, make sure you've got copies, physical copies of your fingerprint. When we're doing these key signings, you're not going to be reading your full fingerprint to all of your neighbors. So if you have a physical copy that you can hand to your neighbor when you're in the process of doing the verification, that way they've got a copy of it and they can do whatever they want with it. So I want to emphasize here, the fingerprints are for crypto. The goal of all of this is to meet other people in Debian so that you can keep in touch with them and do stuff with them later. Work on projects. So do the people who are... So you can also participate without verifying the fingerprint of the file and you're just not going to be able to correctly verify people's fingerprints. So in which case you probably should not be signing their keys. You can verify the individual fingerprint, but I don't want people to have to be doing that during the group key signing. So sorry, you want the URL there? There you go. So that's deb.li, KSP, Key Signing Party, DebConf 14. So KSP DC 14. Oh, there's way more opportunities than two. So... There's a brown group of foxy. So I want to make sure that everyone... So I want to get around to just... We're going to get out of the way the group verification of the fingerprint of the whole file. And so I want to make sure that everyone who is going to be verifying the fingerprint of the whole file is prepared to do that. 
So if anyone who is planning on verifying this and is not prepared to verify the fingerprint, please raise your hand. Okay. If you have the fingerprint in front of you, raise your hand. Okay. So another option for some people, if you want, is to make a note of the finger. If you don't have it, if you're not one of the folks who have it in front of you, you can write down the fingerprint that we are all going to consent on shortly and then you can later fetch the file and try to verify the fingerprint that way. So, yes, you'll need to have an exact copy of the file. It is now. So... Sure, the URL is deb.li, KSP DC 14. That was a random URL string that it gave me from the URL shortener. I was using Dual_EC_DRBG. So... Sorry. Okay. So, I just put the SHA256 sum of the key signing party list up there and I'm going to read it out loud. So it is four, four, seven, five, eight, one, two, echo, five, two, bravo, thanks, nine, seven, eight, alpha, bravo, foxtrot, echo, eight, zero, bravo, nine, seven, bravo, five, bravo, alpha, echo, nine, six, eight, nine, echo, five, three, six, bravo, seven, delta, three, seven, four, alpha, four, three, nine, eight, six, foxtrot, charlie, zero, alpha, five, two, three, foxtrot, bravo, five, alpha, foxtrot, nine, one, charlie. Does anyone have a different fingerprint? No, I am not. I'm only going to read out this one file. This is the canonical file. I don't think we should have separate versions that are multiple, not quite canonical files. So there's some discussion here about what, for people who are listening remotely and don't have the microphone access, there's discussion about whether we're going to verify another file's fingerprint and I want to minimize the amount of fingerprint verification because that's not the point here. The fingerprint verification, the goal is to make sure we have a cryptographic link. This is sufficient to have this cryptographic link and I don't think we should do more. 
The question is, is anyone going to use the condensed file? Can you bring in the microphone? So there's some discussion about which files are acceptable to use. The canonical version is this kspdc14.txt, not the compressed one. Borland, did you want to repeat that? So the issue I'm pointing out is that at the very least I remember off the top of my head the condensed file does not list the key lengths of the keys. So verifying that checksum doesn't give you the same cryptographic assurance and should not be used. And also, I'm not checking that file so you'll just have to use the real one. Can you hand stand the mic please? So, okay, this is speaking with, I was one of the reviewers for the latest round of the OpenPGP spec when it was approved. It is my understanding that a modern key, and I'd have to go back and look this up, we got to a point where all you needed was the fingerprint. I believe that's correct. But it is absolutely true for DSA keys and especially for PGP-1 keys, that is not true. Yeah. PGP-V3 keys do not, the fingerprint does not encode the length. Yes, we do. Why? I don't want to get into the cryptographic details right now. I want to get on with meeting each other because I think that's the point. Also, I am not verifying any fingerprints that are mine except in that file. So if you were trying to verify some other file, I am not assuring you that your copy of my fingerprint is valid. You must verify that fingerprint to be assured that my fingerprint is valid. Okay. A couple of points here. No one is under any obligation to sign any key. Right? You don't have to sign every key of every person that you meet at this key signing party even if you say that you do, even if you say that you plan to. And if someone decides to not sign your key or if someone is lazy and forgets about it, you can ping them if you want, but it's okay if they don't want to sign your key. 
We would be happy to have people meet each other and certify each other's identities, but it's okay if that's not what, if somebody doesn't want to sign. So traditionally with key signing parties, people have asked to, you know, we ask people to bring some form of identification. So what kind of ID is okay? I want to point out that the bottom point here is the critical part, which is that different people have different standards. At Debian we really want to make sure that we know who each other is, but there are some people here whose government issued IDs don't match depending on what you consider to be actual. Some people here have identities, have identity papers that are not internationally valid like a local driver's license. Some people have just this as their identity and it's up to the person who's doing the certification to decide what kind of ID is sufficient and how many IDs they need to get. So I just wanted to point that out and this is again up to the person who's doing the certifying. And one more point here for folks who have not participated in a key signing party before. We are not actually signing keys at the key signing party. We are taking notes and you will use those notes later to certify whichever keys you decide you want to. But we are not going to do any key certification in this room. I mean maybe some people will because they're crazy, but the point here is to not actually do the key certifying right now. Make notes so that you know what the keys are that you are going to certify and then you can go do that whenever you want. One of the reasons to argue for printing out the sheet is that it's easy to take notes on the sheet with a pen and when you meet someone face to face it's nice to have a piece of paper and a pen. It doesn't feel quite as alienating as a computer. Other people prefer to take notes on the computer. They can process them more easily that way and different people have different note-taking styles. 
So the way that we're going to... I'm just going to demonstrate with Anibal the way that we would use... the way that we would do this because people who are here have not done this process before. So, okay, so I'm going to say I'm Daniel Kahn Gillmor. My email address is dkg at fifthhorseman.net and I have verified the fingerprint that we all agreed on here and I have checked the file and my fingerprint is correct in there so I would say this to Anibal and he would look at his notes and... Did you check the hash? I did check the hash of the file and here's my ID. It's a New York state driver's license. I also have this which doesn't have my middle name on it and I have my healthcare card and I probably have something that I wrote in crayons. So, now it's up to him to decide whether or not he thinks that is a sufficient identification. What do you think? I want to see Clayton. Yes. My number is 28. I'm going to check his name with his name on the list. I'll hold the microphone. 28. Fingerprint, you said... I've checked my fingerprint and I've checked the fingerprint of the file. Your ID is okay. Thank you. Sure. So, I would like to get my ID back. Thank you. I did. So, let me say that again because Zobel thinks that I didn't say it. I checked the fingerprint of the file and I looked at the file and I checked that my fingerprint is correct in the file and I am number 28. That was the first thing that I said. Yes. So, there's a hand... Manaj has a hand there. Would it be faster to have us go around and say things like, I'm number 66. I checked the... Check some of the file and... So, the answer is yes, it would be faster but people would not be able to verify whatever identity documents you present. So, the identity can be then checked separately. Well, if you're checking the identity separately at that point, you can also say to the person I checked, I'm in the file, I've checked my fingerprint in the file and I'm number 8. 
If you're doing that separately, which I encourage you to do after the KSP. Wait. Okay? So, does this process make sense to people? Any other questions? We'll get to the cards. Come on, folks. So, after the KSP, after the KSP, you will process your notes. You're going to certify the people's keys who you decided to certify. I recommend emailing your signatures to the people because that's a way to verify their email address. If I said, hi, my name is Daniel Kahn Gillmor. My email address is president at whitehouse.gov. You probably don't want to certify that because you can recognize that that's probably not my email address. But you can't tell, really, with other ones. And so if you email your signatures to the person who you signed, then you're verifying that at least they have some way to read that email. So, yes, so there's a tool called caff from Key Signing Party that automates that and I recommend checking it out. There's also a tool... Sorry, signing-party. Don't believe what you see up here. I'm not going to change it right now. So there's signing-party and Monkeysign and pius that all offer that. I recommend caff at the moment. I'm hoping to recommend Monkeysign in the future. Are these slides available online? They're not right now, but I'll put them online. Was there... Sorry, there's a bunch of people asking questions and I'd like to have one conversation until we can get to the key signing. If you receive emails from people that are using caff, I think it's important to note that that's the signature and then you need to upload that to the server. Otherwise it won't be public. So the email that will... The email that will be sent via caff will be a message text with the signed key attached, all of that encrypted and then mailed to you. And so when you receive it, you'll need to decrypt the email, extract the attachment, import that into your PGP key ring using probably gpg --import or whatever tools you have available. 
And then if you want that signature to be visible to the rest of the world, you'll then need to send your key to the public key servers. Tom? Yeah, I just wanted... I was trying to find the correct bug number here and I'm not finding it at the moment, but I wanted to just remind people that there is a little bit of a confusing configuration step for caff. It has its own directory for GPG configuration and it's kind of important before you actually start signing keys to make sure that among other things, the signature strength is set sufficiently high, like SHA-256 or better in that file. I'd be glad to answer anyone's questions about how to do that if anyone has any questions about that. And also just to follow up on the comment that Tigard mentioned earlier, I think it's generally polite to let people upload their own signatures. I like to be the one to upload my own signatures because often if you send me a SHA-1 signed key, I will probably politely ask you to re-sign it and then I'll upload your strong signature to the key servers. Thank you. I think those are good recommendations. So are we ready to learn what the cards are for? Yay! Okay, so everyone has a red card and a blue card, except for the folks who came in late. That's not a blue card! Okay, so the red... you're going to have zero or one red cards and zero or one blue cards. And when I say you're a red card and you don't have a red card, you get to pick a number from one to ten. Okay, so what we're going to do is we're going to split into groups. We're going to split into ten groups and the groups are going to be based on the number that you have on the card. And when you pick a number, you'll just go to the group with that number. And so the goal here, we're going to do this twice. We're going to do it once with the red cards and then once with the blue cards. And in each group, you'll get to meet a small handful of other Debian folks. 
And within that group, you'll take turns introducing yourself to everyone who's in the group and passing around your ID for them to look at. And then we'll... We're going to do that for about ten minutes and then we're going to switch and we'll do the blue card groups. And the goal of this is we're not trying to get everyone to certify everyone else's key. The goal is to have a bunch of people who have signed... It's going to create sort of a mesh of certifications and it's going to give you a better chance to actually know something about the person whose keys you're signing. So in addition to doing this, you can also meet anyone during the rest of the conference and while you're talking to them, say, hey, I missed you at the key signing party and then have the same exchange and actually have a real conversation with a little bit more time to do so. Okay? So we're going to do ace two... I guess... Let's do ace two, three, four, five, six, seven, eight, nine, ten. Doesn't matter. Red card first, but it's not about whether it's red versus black on the suit. Okay. So look at your red card and ace two, three, four, five, six, seven, eight, nine, ten. And when you're in your group, when you're introducing yourself, you're going to say your name, you're going to show your ID documents, you're going to say whether you confirmed your fingerprint in the file. And you're also... Okay, can everybody... Can I just say one more thing? So in addition to saying... In addition to the critical pieces here, you are also going to say in one sentence, and everybody else in the group, keep people honest, one sentence, what do you do for Debian? One sentence. And then you're also going to say you get food. So we didn't get part either. I don't know why you guys flocked to me. I didn't flock to you. I didn't flock to you.
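The two checks the talk keeps coming back to, agreeing as a room on the SHA-256 of the list file and then confirming that the entry you will quote by number really carries your own fingerprint, as an added Python example that is not from the talk or from the signing-party tools. The list format below is a constructed stand-in modelled on gpg --fingerprint output, and every number, key ID, fingerprint and name in it is made up; the phonetic readout helpers mirror the way the digest was read aloud in the room.

```python
import hashlib
import re

# Spoken alphabet used when the digest is read aloud: digits as words, hex letters as NATO words.
PHONETIC = {
    "0": "zero", "1": "one", "2": "two", "3": "three", "4": "four",
    "5": "five", "6": "six", "7": "seven", "8": "eight", "9": "nine",
    "a": "alpha", "b": "bravo", "c": "charlie", "d": "delta", "e": "echo", "f": "foxtrot",
}
SPOKEN_TO_HEX = {word: digit for digit, word in PHONETIC.items()}

# Constructed stand-in for the KSP list (gpg --fingerprint style entries). Not the real
# kspdc14.txt: the numbers, key IDs, fingerprints and people below are made up.
SAMPLE_KSP_LIST = """\
027  [ ] Fingerprint OK        [ ] ID OK
pub   4096R/0x0123456789ABCDEF 2014-01-01
      Key fingerprint = 1111 2222 3333 4444 5555  6666 7777 8888 0123 4567
uid   Example Person One <one@example.org>

028  [ ] Fingerprint OK        [ ] ID OK
pub   4096R/0xFEDCBA9876543210 2014-02-02
      Key fingerprint = AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333
uid   Example Person Two <two@example.org>
"""

def sha256_hex(data):
    """SHA-256 of the exact file bytes, as `sha256sum kspdc14.txt` would print it."""
    return hashlib.sha256(data).hexdigest()

def spoken_digest(hex_digest):
    """Render a hex digest the way it was read out in the room, one word per character."""
    return ", ".join(PHONETIC[ch] for ch in hex_digest.lower())

def parse_spoken_digest(words):
    """Turn a transcribed readout back into hex. A misheard word or a wrong character count
    is rejected, not guessed at: one wrong character makes the group comparison worthless."""
    tokens = [t for t in re.split(r"[,\s]+", words.strip().lower()) if t]
    unknown = [t for t in tokens if t not in SPOKEN_TO_HEX]
    if unknown:
        raise ValueError("not hex digit words: %r" % unknown)
    digest = "".join(SPOKEN_TO_HEX[t] for t in tokens)
    if len(digest) != 64:
        raise ValueError("expected 64 hex characters, heard %d" % len(digest))
    return digest

def fingerprint_for_number(ksp_list, number):
    """Fingerprint (uppercase, no spaces) listed under entry `number`, or None if absent."""
    current = None
    for line in ksp_list.splitlines():
        head = re.match(r"^(\d+)\s", line)
        if head:
            current = int(head.group(1))
            continue
        fpr = re.search(r"Key fingerprint = ([0-9A-Fa-f ]+)$", line)
        if fpr and current == number:
            return fpr.group(1).replace(" ", "").upper()
    return None

def verify_my_entry(ksp_list, agreed_digest, number, my_fingerprint):
    """Both checks the talk insists on before saying "I'm number N" to a neighbour: the file
    you hold hashes to the digest the room agreed on, AND entry N is your own fingerprint."""
    digest_ok = sha256_hex(ksp_list.encode("utf-8")) == agreed_digest.lower()
    listed = fingerprint_for_number(ksp_list, number)
    fpr_ok = listed == re.sub(r"\s", "", my_fingerprint).upper()
    return digest_ok, fpr_ok
```

A copy of the list with one fingerprint altered in transit fails the first check even though the altered entry still looks well formed, which is why the room agrees on the digest before anyone quotes an entry number.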