NIR training BOF
Wednesday 1 September, 18:00-19:00
This is an informal session intended to share member training experiences between the NIRs and to explore opportunities of further collaborative training efforts between APNIC Training and NIRs in accordance with needs.
PGP key signing BOF
Thursday 2 September, 18:00-19:00
Joe Abley, ISC
Joe Abley of ISC will host a PGP key signing party at the APNIC 18 meeting in Nadi. The meeting will take place Thursday 2 September at 6pm in the Orchid room.
There will be a brief, informal introduction to PGP key signing presented at the very beginning of the party, so if you've never signed a key before or you're interested in learning more about PGP, be sure to arrive on time.
How the key signing works
The procedure for the key signing party will be as follows:
People who wish to participate should add their public key (or keys) directly to the APNIC 18 keyring using the key signing coordination service at Biglumber. The APNIC 18 keyring can be found here (or do a quick search on Biglumber for "APNIC 18").
If you prefer, you can email an ASCII extract of your PGP public key (or keys) to email@example.com, using a subject line of "APNIC PGP KEY". This has been the means of adding your public key for past events. Either way is fine; you don't need to do both, but it doesn't matter if you do.
Please submit your key (or keys) before 6pm on Thursday 2 September.
The method of generating the ASCII extract under Unix is:
|pgp -kxa my_email_address mykey.asc
|pgpk -xa my_email_address
||mykey.asc | (PGP 5.x)
|gpg --export -a my_email_address > mykey.asc
If you're using Windows or Macintosh, it will hopefully be obvious how to use the GUI interface to generate an ASCII armored key that begins:
-----BEGIN PGP PUBLIC KEY BLOCK-----
After 6pm on Thursday, you will be able to fetch a complete keyring from Biglumber with all of the keys that were submitted.
At 6pm, come prepared with a trusted copy of the fingerprint of your PGP public key. You will be provided with a handout with all of the key fingerprints of the keys on the APNIC 18 keyring.
During the meeting, readers at the front of the room will recite people's keys; as your key fingerprint is read, stand up, and at the end of reading of your PGP key fingerprint, acknowledge that the fingerprint read out was correct.
While everybody is in the room together, it's a good chance to verify the identities of the people whose key fingerprints you have checked, if you don't already know them personally. You might want to bring photo ID with you (drivers licence, passport, etc) to make it easier for other people to confirm your identity.
Later that day, or perhaps when you get home, you can sign the keys corresponding to the fingerprints which you were able to verify on the handout; note that it is advisable that you only sign keys of people when you have personal knowledge that the person who stood up during the reading of his/her fingerprint really is the person which he/she claimed to be.
Submit the keys you have signed to the PGP keyservers. A good one to use is the one at MIT: simply send an email containing the ASCII-armored version of your PGP public key to firstname.lastname@example.org.
Note that you don't have to have a laptop with you. If you don't have any locally trusted computing resources during the key signing party, you can make notes on the handout, and then take the handout home and sign the keys later.