FIRST uses Pretty Good Privacy (PGP) encryption for cryptographic privacy in communications with members. In order to provide open channels in which the members can also encrypt messages to the FIRST Secretariat, board members and other teams, FIRST publishes public keys on the public and members' only websites:
John Kristoff of NETSCOUT ASERT, is coordinating in-person PGP key signings for FIRSTCON22 attendees. If you wish to participate, please send a copy of your public key to John via email (To: jtk [at] dataplane [dot] org with Subject: FIRSTCON22 PGP public key).
NEW: Meet at the Security Lounge on Level 2 (where the FIRST challenges are being run out of) during the 30-minute breaks (10:30, 15:20) and at Lunch (12:20) on Monday and Tuesday. The networking breaks tend to be short, and some may not be able to make it, so don't worry about missing it or not completing the process in one break. For lunch, we will gather people for about 15 minutes then go eat and sign keys together. Additional Ad-hoc key signings will occur throughout the week in the SecLounge. Watch this space for updates.
Be sure to have a paper copy of your PGP key email address, key ID, and key fingerprint along with one or more official government issued photo IDs so that others may verify your key and you personally. While we welcome CSIRT or other shared team keys, many key signing participants will not sign team keys, only individual keys. For additional information on PGP and the key signing process the following links should help familiarize you:
Please note: Due to various limitations with PGP key servers today, such as their susceptibility to flooding attacks and limited synchronization, we recommend sending signed keys, preferably encrypted, individually and directly to each associated key party attendee after any key signing party verification activity.
Private messages can be sent to the FIRST Infrastructure using it's public PGP key:
FIRST Infrastructure Public PGP Key
7735 1149 3722 9A3C 2129 8903 7F8C 6565 13F6 AD57
These keys are available for FIRST members only. FIRST members have access to other members' and teams' public PGP key.