Begin anonymous forwarded message:
I'm going to really prove my ignorance when it comes to all things pgp. Now that we've done the verification as to who's who, and everyone owns their own key, what does one do, so sign someone elses key, or get their key signed by someone else ( should they want to ).
I kind of forgot to talk about what we do after we were finished with all the hexadecimal and drivers licences. So here we go: 1. Download the public key ring from buglumber and import it. 2. For each person whose identified you are satisfied with, check the fingerprint on the downloaded keyring against the sheet of verified fingerprints. 3. If you feel like it, sign the key with yours. This is a convenient way to record the fact that you have verified the accuracy of the key. 4. If you feel like it, send the signed public key back to the person who gave it to you. This provides an additional path through the web of trust for people to trust your key, and is generally a handy thing to have. 5. If you feel like it, upload the key with your signature to one or more key servers. This is good for the same reasons that 4 is good. Lather, rinse, repeat for all keys.