[clug] request for comment: new keysigning protocol

Paul Wayper paulway at mabula.net
Thu Feb 4 12:16:41 MST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/02/10 14:21, Nemo Maelstrom Thorx wrote:
> 
> 
> Hi all, 
> 
> I've been helping a friend with an idea for a keysigning protocol, and
> additional eyes looking at it would be nice now. It's written up here:
> 
> http://woozle.org/~neale/papers/tank-tread.html
> 
> My preferred variant isn't written up there, but moves people the same
> basic way, but without the need for the setup. ie, the preperation of
> ad-hoc, but with the tank-tread loop of people presented here. 
> 
> ad hoc reference: http://www.keysigning.org/methods/adhoc
> (I was surprised when I started looking into this that the ad hoc
> "folded line" is the best people handling method noted!)
> 
> So, comments/request-for-clarification/suggestions/ideas/willingness-to-try-it-out?

This looks like most of the Sassaman Efficient method:

http://keysigning.org/methods/sassaman-efficient

Key signing is a very complex security problem and there are all sorts of
little loopholes that you have to guard against.  Martin Krafft is tireless in
his efforts to point these out at LCA - for example, he has a realistic
looking European identification card but it's trivial to get one in whatever
name you like (or something like that) which has fooled any number of
Australians who just look at it and say "well, that looks vaguely official,
must be good".

The problems with the tank tread method are that it requires a fair bit of
space, puts pressure on the participants to tick things off and not hold the
line up, a person can give different responses to different people (so the key
that Eve gave me is not the same as the one she gave you, but we both sign it
as if that's her correct key), and a few others that I can't think of off the
top of my head.  Don't underestimate the possibilities for the organisers to
throw something screwy in as well.

Hope this helps,

Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAktrHRkACgkQu7W0U8VsXYJFYQCcDtiCj/mVJGG65tLHF2aZNDS2
cGEAniaqrjl8eW1eKBgBCW9lrnrWVNVt
=N8+H
-----END PGP SIGNATURE-----


More information about the linux mailing list