At ZendCon 2014 there will be a PGP Keysigning event. To participate all you need to do is a) have a PGP key you would like signed by other particpants and you will be able to sign other participant's keys with and b) have some form of official identification that matches the primary identity on your key. For example, if you name is listed on your PGP key as Bobby Tables you should have a government-issued ID that reads close to Bobby Tables. (Common substitutions like Matt for Matthew or Jen for Jennifer are usually acceptable.)
For some background and how-to information, check out my blog posts on a similiar PGP keysigning event at php[tek] 2014 and Signing PGP Keys for the mechanics of how to sign keys.
The web of trust is an important component to the security and usability of PGP keys for signing and encrypting. I am personally working towards growing the web of trust within the PHP community by hosting these events at PHP conferences. The idea is to get more and more people exposed to PGP keys and to have a stronger web within the community so that we can use keys to sign releases, packages, emails, etc. and be able to trust and verify who authored them.
By verifying your own key with other people and others' keys with your key you are stengthening the legitimacy of public key encryption in our community and within society as a whole for just a small investment of your time.
- If you do not have a PGP key pair, generate one now. Instructions are available on the first blog post referenced above.
- Upload your key to a public key server. Example: SKS Keyservers or MIT PGP Keyserver
- Post a link to your public key (on one of the servers from 2.) -OR- post your public key in the comments below.
- Show up at ZendCon 2014 with an ID for verification
- After ZendCon (or in your hotel room or somewhere else private) sign keys you verified and trust for other participants.
If you do not post to a public keyserver it is harder for other people to use your key. This means you will have to send it to each person who needs to use it, or host it on your personal webserver for people to find. The easiest way is to submit to a public keysever. However, I will point people to this Gist for any keys that are not hosted on a keyserver.
Hi @Danielss89 and @zombiesplat. I just added an uncon lightning talk at 2:45pm today for this.