Efficient key signing at key signing parties
I recently read the Sassaman-Zimmermann
Efficient Group Key Signing Method (S-Z). I must admit I was
very disappointed.
One of the primary issues in key signing is that you do not sign
someone's key unless you are 100% sure the person is who he claims
to be. In S-Z this is done in step 8:
8. Identity verification is done according to the
individual policy of those people signing keys.
If the verification involves looking at the person's passport,
then you can get a much more efficient key signing with the
following:
- Everyone brings small pieces of paper (called key cards) with
information on his own key (including the key id, key owner,
key fingerprint, key size, key type and where to download the key).
A key card could look like this:

Key ID          | 992A4B3F
Key Owner       | V. Alex Brennen <vab@cryptnet.net>
Key Fingerprint | 0EC8 B0E3 052D FC4C 208F 76EB FA92 0973 992A 4B3F
Key Size        | 1024
Key Type        | DSA
Download        | http://www.cryptnet.net/people/vab/

- Every signer goes to every signee, checks the passport and
receives a key card. If you are n persons who are both signers and
signees, you simply form one long line. Person 1 goes to person 2,
they exchange key cards and check each other's passports, then
1 continues to 3 and 4 ... n. After person 1 has been at person 2,
2 goes to 3, does an exchange and continues to 4 ... n. 3 goes to 4
... n, 4 goes to 5 ... n.
- When the signer returns home he processes every key card by
downloading the key, signing it and either uploading it to a
keyserver or emailing it to the key owner.
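
When processing a key card at home, the key fetched from the download location can be compared against the card before it is signed. The following is an added example, not part of the original article: it assumes the downloaded key has been listed in GnuPG's colon-separated format, and the two listings, like the function names, are constructed for illustration.

```python
import string

# Values copied from the example key card on this page.
CARD = {"key_id": "992A4B3F", "size": 1024, "type": "DSA",
        "fingerprint": "0EC8 B0E3 052D FC4C 208F 76EB FA92 0973 992A 4B3F"}

# Constructed colon-format listings (assumption: produced by listing the downloaded key).
MATCHING = ("pub:-:1024:17:FA920973992A4B3F:0:::-:::scESC:\n"
            "fpr" + ":" * 9 + "0EC8B0E3052DFC4C208F76EBFA920973992A4B3F:\n")
# Constructed: same short key ID as the card, but a different fingerprint.
SAME_SHORT_ID = ("pub:-:1024:17:AAAAAAAA992A4B3F:0:::-:::scESC:\n"
                 "fpr" + ":" * 9 + "A" * 32 + "992A4B3F:\n")

ALGOS = {"1": "RSA", "17": "DSA"}  # OpenPGP public-key algorithm numbers

def normalize(fpr):
    """Strip spaces and upper-case so card and listing compare equal."""
    return "".join(fpr.split()).upper()

def parse_listing(listing):
    """Take size/type from the first pub record, fingerprint from the first fpr."""
    key = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and "size" not in key and len(f) > 4:
            key["size"], key["type"] = int(f[2]), ALGOS.get(f[3], f[3])
        elif f[0] == "fpr" and "fingerprint" not in key and len(f) > 9:
            key["fingerprint"] = normalize(f[9])
    return key

def check_card(card, listing):
    """Return a list of mismatches; an empty list means the key matches the card."""
    key, want = parse_listing(listing), normalize(card["fingerprint"])
    problems = []
    if len(want) != 40 or set(want) - set(string.hexdigits):
        problems.append("card fingerprint is not 40 hex digits")
    # For v4 keys the short key ID is the last 8 hex digits of the fingerprint.
    if not want.endswith(card["key_id"].upper()):
        problems.append("card key ID is not the tail of the card fingerprint")
    if key.get("fingerprint") != want:
        problems.append("fingerprint mismatch")
    for field in ("size", "type"):
        if key.get(field) != card[field]:
            problems.append(field + " mismatch")
    return problems

if __name__ == "__main__":
    print(check_card(CARD, MATCHING))       # no mismatches: key matches the card
    print(check_card(CARD, SAME_SHORT_ID))  # fingerprint differs: do not sign
```

The second listing shows why the full fingerprint on the card is the value to compare: a key can share the 8-digit key ID and still be a different key.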