Begin anonymous forwarded message:
> I'm going to really prove my ignorance when it comes to all things
> pgp. Now that we've done the verification as to who's who, and
> everyone owns their own key, what does one do, so sign someone elses
> key, or get their key signed by someone else ( should they want to ).
I kind of forgot to talk about what we do after we were finished with
all the hexadecimal and drivers licences. So here we go:
1. Download the public key ring from buglumber and import it.
2. For each person whose identified you are satisfied with, check the
fingerprint on the downloaded keyring against the sheet of verified
fingerprints.
3. If you feel like it, sign the key with yours. This is a convenient
way to record the fact that you have verified the accuracy of the key.
4. If you feel like it, send the signed public key back to the person
who gave it to you. This provides an additional path through the web of
trust for people to trust your key, and is generally a handy thing to
have.
5. If you feel like it, upload the key with your signature to one or
more key servers. This is good for the same reasons that 4 is good.
Lather, rinse, repeat for all keys.
