[clug] request for comment: new keysigning protocol

Paul Wayper paulway at mabula.net
Sat Feb 6 17:13:23 MST 2010

Hash: SHA1

On 05/02/10 12:37, Nemo Maelstrom Thorx wrote:
> But it's *more* space efficient - and time efficient - than the 'folded
> line' method as mentioned in both ad hoc, and Sassaman-Efficient. To
> quote http://keysigning.org/methods/sassaman-efficient
>  > everyone forms a long line in the same order as their keys appear in the
>  > list. The head of the line then folds back on itself and the
>  > participants moving back along the line inspect the ID of each
>  > participant standing still.
> This requires a line n participants long, which folds to become two n/2
> lines in parallel, and then reduces down to 2 final participants. It's
> a O(2n) process. 
> Tanktread is a O(n) process. Everyone signs a key on every step (there
> being no end-of-line which has to wait for the start of the line to
> reach), and everyone finishes at the same time. 

I think you'll find that in fact they're exactly the same thing.  The folded
line is a tank tread.  In both methods you sign a the key of the person on the
other line - the only way to guarantee that you sign every other person's key
is to meet every other person, so it has to be an O(n) process.  In both
methods, at each step along the line you see someone else's credentials, show
them yours, record something about them on your key list and move on.  We did
the folded line method at LCA2008 when the projector wasn't working, and it
was exactly the process (as I recall) described in the Tank Tread write up (as
I read the description).

The other key point to make here is that this method is relatively simple to
understand.  There's one loop, and you progress along it until you meet the
person you met first.  You're seeing people face-to-face, which gives you the
opportunity to inspect their ID, and humans are much better at inspecting
people's faces close-up than via a projector or camera.  It's relatively
simple to explain and once people get the hang of it it goes fairly smoothly.

> The 'not holding the line up' is a valid concern - but how does this not
> equally apply to the folded line method?

I'd say it's exactly the same.

The key things you're judging in a key signing are:

1) That the person showing their ID is the person on the ID.
2) That that ID identifies the person associated with the key.
3) That the person claims ownership of that key.

In a key signing, we have to make it as easy as possible to judge those three
things and to prevent as much as possible any manipulation of the conditions
that allow a person to assert them all as true.  Somewhat annoyingly, key
signing is a very manual process - the Sassaman Projected is about the most
efficient people have come up with so far, and that's basically because it
allows participants to sit down in one place for most of the signing.  Holding
your key details, forms of ID, the list of everyone else's keys and a pen and
hard surface to write on while walking in a line moving past a whole bunch of
other people doing the same thing is not quite as elegant as one might hope for.

The "Tank Tread" name is a good descriptor, though, probably better than
'folded line' (which may give the impression that the line only folds in one

Have fun,

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


More information about the linux mailing list