
robbat2 at gentoo
Aug 20, 2012, 10:47 AM
Post #1 of 3
Keysigning party methodology: Sassaman-Efficient & centralizing printing
This is from a thread back in January, I've deliberately split it to ask for a clarification.

Original thread:
Message-ID: <87vcnt8d3b.fsf [at] vigenere>
From: Werner Koch <wk [at] gnupg>
Subject: Re: [PATCH] Allow printing key digests in key edit

On Mon, Jan 30, 2012 at 03:44:08PM +0100, Werner Koch wrote:
> On Mon, 30 Jan 2012 14:36, christian [at] quelltextlich said:
> > - Is it feasible to ask people to check printouts of SHA2 digests before
> > coming to key-signing parties?
> [. And you should not use the key checking method you have in mind.
> Exchanging paper slips is the only solid way to run a key signing
> party. I am really sorry, that we came up with that crypto-cool key
> signing scheme back at the Utrecht keyserver admins back in 2000. It
> does not work in practice. ]

I've seen some prior mentions of problems in crypto-cool parties, but I'd like to know if this means that the Sassaman-Efficient method should NOT be used.
http://www.keysigning.org/methods/sassaman-efficient

I also have some additional comments & queries about Sassaman-Efficient and running large parties:

1. If anybody is daunted by Before:step#3, there are tools for it:
   - gpgparticipants in the signing-party package (plain text output)
   - pius-party-worksheet in PIUS (HTML output)
   Having sane page-breaks in the text file is really useful and important as well.
2. Having to deal with a few pages of paper is a vast improvement on N small pieces of paper with key signatures.
3. The original directive is for participants to print their OWN copy. If they are travelling a long way and the list is only ready very close to the event, this is problematic:
   - they don't want the hassle of carrying the paper
   - they might forget it
   - if it's only ready close to the event, there is a scramble for EACH of them to find printing services.

As such, I would like to propose the following set of variations, to alleviate this problem (latecomers still give paper slips, but everybody else is on a centrally printed copy).

Changes to the "Before The Event":
- Organizers submit the list file to a timestamping service.
- The participants download & checksum-verify the final list before the party. They can optionally print it, but the important thing is that they have downloaded it.
- The organizers print enough copies of the list for everybody PLUS any latecomers.
- All latecomers should have their key paper slips!

Changes to the "At The Event":
- Organizers distribute their printed copies to everybody, including those who come late or did not have their keys submitted in time.
- Each participant checks that their own key is correct (check #1 against the organizers being honest).
- Several participants can (should) also optionally have their own printed copies as check #2 for honest organizers. The human eye is quite good at spotting small differences in comparison (when not distracted by other tasks, so the gorillas are seen), so optically checking their own copies against the organizer copies is useful.
- When each participant announces that their key is correct, take care to include the key ID.
- Latecomers should join the very end of the ID line, and give the other person their slip like normal.

Changes to the "After The Event":
- If a participant did not download the file before the party, they should use the timestamping service results to check that it has not been modified since the party.
- In step #2, the participants must also check the final list that they downloaded. It should be identical to the printed copy they were given by the organizer (check #3 that the organizers were honest).

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2 [at] gentoo
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
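
The two file-side checks in the proposal above (checksum-verifying the downloaded list, and each participant confirming their own key is in it), sketched in Python as an added example that is not part of the original post. The sample list, names and fingerprints are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample list; names and fingerprints are made up for this example.
SAMPLE_LIST = b"""\
Keysigning party participant list (constructed sample)

001  Alice Example <alice@example.org>
     Key fingerprint = 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
002  Bob Example <bob@example.org>
     Key fingerprint = FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98
"""

# Ten groups of four hex digits on one line, i.e. a 160-bit fingerprint.
FPR_RE = re.compile(rb"\b(?:[0-9A-Fa-f]{4}[ \t]*){10}\b")


def normalize_hex(value) -> str:
    """Drop spaces and colons and upper-case, so printed and typed forms compare equal."""
    if isinstance(value, bytes):
        value = value.decode("ascii")
    return re.sub(r"[\s:]", "", value).upper()


def list_digests(data: bytes, algorithms=("sha256", "sha512")) -> dict:
    """Digests over the exact bytes of the list file, one per algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in algorithms}


def verify_list(data: bytes, announced: dict) -> dict:
    """Compare the downloaded file against each digest noted down at the party."""
    actual = list_digests(data, tuple(announced))
    return {alg: hmac.compare_digest(actual[alg], normalize_hex(announced[alg]))
            for alg in announced}


def listed_fingerprints(data: bytes) -> set:
    """Every fingerprint that appears in the list, in normalized form."""
    return {normalize_hex(m.group(0)) for m in FPR_RE.finditer(data)}


def own_key_listed(data: bytes, my_fingerprint: str) -> bool:
    """Check #1: the participant's own fingerprint is in the list, unchanged."""
    return normalize_hex(my_fingerprint) in listed_fingerprints(data)
```

The digests must be computed over the file exactly as downloaded; re-saving it with different line endings changes every digest even though the printed page looks identical.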