
Re: debconf2 keysigning

On Fri, 21 Jun 2002, Scott Dier wrote:

>        Keysignings in large parties that I've been in run something like
> this [actually, every one I've been to was run by Theodore Ts'o]:
>   1) Someone requests all the keys of people showing up to be sent to an
>   email address.
>   2) Such person prints up a ton of copies of this list.
>   3) At the event, person (with possible volunteers) calls out the type
>   of key, uid, and fingerprint.  Owner of key verifies that the
>   fingerprint matches to information that they have brought (written
>   down, on laptop, etc) and says that the fingerprint is correct.
>   4) After all fingerprints are verified, people go about doing ID checks
>   with each other and mingling, etc.  This can take a while.  Upside is
>   that since the fingerprint verification has already happened it takes
>   less time.

I liked the procedure used at the Linux Kongress 2000 a bit better:

 1. Someone requests all the keys of people showing up to be sent to an
    email address.
 2. Such person builds a canonical text file and puts it up on the net.
 3. Everyone wishing to attend the party downloads the text file,
    calculates its md5 hash and prints it.
 4. At the event, that person announces the md5sum.
 5. In turn everyone stands up and verifies that the fingerprint on the
    list is correct.
 6. Either point 4 of Scott's list, or, using a camera and projector or
    similar technology, each attendee shows his ID on the big screen so
    everyone can read it.

This has two advantages:
 - no need to read the long key ids
 - id verification is way faster


 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
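
The attendee's side of steps 3 to 5 above, as an added example that is not part of the original message: it hashes the downloaded list, compares the result with the announced value, and checks the owner's own entry. The list layout, the sample keys and the function names are assumptions; md5 is the default only because the message names it, and any hashlib algorithm can be passed instead.

```python
import hashlib

# Constructed sample list: the layout (40-hex-digit fingerprint, then uid,
# one key per line) is an assumption; the message does not give the format.
KEYLIST = (
    b"0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567  Alice Example <alice@example.org>\n"
    b"FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98  Bob Example <bob@example.org>\n"
)

def normalize(hexstr):
    """Drop whitespace and case so a printed or read-aloud value compares cleanly."""
    return "".join(hexstr.split()).lower()

def list_digest(data, algo="md5"):
    """Step 3: hash the exact bytes of the downloaded list."""
    # MD5 is no longer collision resistant; pass algo="sha256" for a new party.
    return hashlib.new(algo, data).hexdigest()

def digest_matches(data, announced, algo="md5"):
    """Step 4: compare the local hash with the one announced at the event."""
    return list_digest(data, algo) == normalize(announced)

def own_entry_ok(data, my_fingerprint):
    """Step 5: the key owner confirms the list carries their real fingerprint."""
    want = normalize(my_fingerprint)
    for line in data.decode("utf-8").splitlines():
        # After whitespace is removed, the first 40 characters are the fingerprint.
        if normalize(line)[:40] == want:
            return True
    return False

if __name__ == "__main__":
    announced = list_digest(KEYLIST).upper()      # value the organizer reads out
    crlf_copy = KEYLIST.replace(b"\n", b"\r\n")   # same text re-saved with CRLF
    print("exact copy matches:", digest_matches(KEYLIST, announced))
    # A copy that only differs in line endings fails, which is why the
    # organizer has to publish one canonical file.
    print("CRLF copy matches: ", digest_matches(crlf_copy, announced))
    print("own entry correct: ",
          own_entry_ok(KEYLIST, "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"))
```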
