Thursday, September 10, 2015

Boston Linux Meeting Wednesday, September 16, 2015 - Jeff Schiller and PGP/GnuPG Keysigning Party XV

When: September 16, 2015 7PM (6:30PM for Q&A)
Topic: Jeff Schiller and PGP/GnuPG Keysigning Party XV
Moderator: Jeff Schiller
Location: MIT Building E-51, Room 335

### Please note that Wadsworth St. is still closed.
### Proceed West on Memorial Drive to Ames St. Ames will be
### 2-way during construction. Take a right onto Ames St and another
### right onto Amherst St.


A talk by Jeff Schiller, followed by our annual keysigning party.
Pre-register your PGP key before the meeting!


Add your key to the keysigning party checksheet []

A key signing party is a get-together of people who use the PGP
encryption system with the purpose of allowing those people to sign each
others keys. Key signing parties serve to extend the web of trust to a
great degree. Key signing parties also serve as great opportunities to
discuss the political and social issues surrounding strong cryptography,
individual liberties, individual sovereignty, and even implementing
encryption technologies or perhaps future work on free encryption software.

The basic workflow of signing someone's key is as follows:

Verify that the person actually is who they claim to be;
Have them verify their key ID and fingerprint;
Sign their key;
Send the signed key back to them

At the meeting, we go through the first two steps. Each person who
preregistered their key will announce their presence and then read off
their key ID and fingerprint, so everyone can verify that their copy of
the list of keys is correct. Once we've run down the list, we line up,
and each of us examines everyone else's photo IDs to verify that they
are who they claim to be. After the meeting is over, each participant
can then retrieve the keys that they've personally verified, sign those
keys, and send the signed keys back to their respective owners.

In order to complete the keysigning in the allotted time, we follow
a formal procedure as seen in V. Alex Brennen's "GnuPG Keysigning Party
HOWTO", attached below. It is strongly advised that if you have not been
to a keysigning party before, you read this document. We're using the
List-based method for this keysigning party, and the keyserver at

It is essential that, before the meeting, you register on the
signup form listed in the attachments. You should bring at least one
picture ID with you. You must also bring your own printout of the report
on that page, so you can check off the names/keys of the people you have
personally verified.

The list will be printed on Wednesday afternoon, the day of the
meeting; be sure to register your key for the keysigning before that.
The official cutoff time is 3:00 pm.


Jeff works at MIT in the Information Services and Technology
Department (IS&T). For more then 20 years he's managed MIT's Internet
presence. He also built a significant portion of MIT's Security
Infrastructure including its X.509 certificate deployment. MIT is
probably has one of the largest deployments (and certainly the oldest,
dating back to 1996) of X.509 client Certificates.

For further information and directions please consult the BLU Web site
Please note that there is usually plenty of free parking in the E-51
parking lot at 2 Amherst St, or directly on Amherst St.

After the meeting we will adjourn to the official after meeting meeting
location at The Cambridge Brewing Company

Jerry Feldman <>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90

Announce mailing list


  1. Businesses are increasingly comfortable with security measures put in place to protect cloud services and the data housed with them, new research has revealed, and most companies have formal policies for moving processes to the virtual dataroom services realm.

  2. Even though your files and data may be well protected from viruses, malware and hackers, you could still lose it all from a simple hard drive crash. Your PC likely has some sort of built-in backup application, or you could invest in another backup application.
    virtual data rooms