Proposal for a Key Signing Party

Christopher Browne cbbrowne-HInyCGIudOg at public.gmane.org
Tue Jul 13 03:51:12 UTC 2004


> > participate should send their public keys to the organizer so that the
> > organizer can put together a nice list so as to make it easy for
> > everyone to verify their identities the day of the Party.
> 
> I'll leave it in your capable hands...

Well, I'm feeling mite "undercapable" this week; it has been _way_ too
busy lately.

It is always worth looking at a "key signing party guide" such as the
following:

  <http://www.w4kwh.org/privacy/keysign.html>

If we were to have 30 people trying to sign each others' keys, this
mandates a maximum of efficiency of procedure.

Alas, thus far, the largest number of people I have seen interested in
key exchanges at any given time has been 3.  (Myself, Drew Sullivan, and
Kristopher Coward...)

It's not worth doing too much centralized effort to handle this if there
are only a few people likely to participate.  

There's probably room for there to be a meeting that has talk doing an
overview of cryptographic matters followed by a "mass" key-signing.
Good questions to answer would be:

 - What is GPG?
 - How does it differ from PGP?
 - What good are digital signatures?
 - What good _aren't_ digital signatures?  (e.g. - what are the
   conspicuous limitations?)
 - Shouldn't we just be using public key encryption for everything?
 - What about AES?  Blowfish?  Twofish?  Who cares?

The alternative that we can _always_ do is for interested parties to put
together their own "GPG cards," which collect the vital information, and
make it easy for others to sign them.

I generally carry around a few such cards, which essentially read as
follows:

pub  1024D/6AA6A713 2002-03-14 Christopher B. Browne <cbbrowne-xzRQuAxiFLNWk0Htik3J/w at public.gmane.org>
     Key fingerprint = A525 A16B 8635 51A0 AE33  11D6 37B8 5950 6AA6 A713
uid                            Christopher B. Browne <cbbrowne-HInyCGIudOg at public.gmane.org>
sub  2048g/6F31906A 2002-03-14

I extracted that using the command:

% gpg --list-keys --fingerprint cbbrowne

The process is then that anyone wishing to sign my key will get the
card, from me, and then verify, against a couple pieces of ID, that I
can actually legitimately call myself by that name.  They can mark, on
the card, whatever they wish concerning what ID they checked.

Anyone wanting me to sign their key will give me their card, and I can
see about checking ID, and may, when I return home, sign their key, and
submit it to them and/or a public key server such as wwwkeys.nl.pgp.net.

No need for a special meeting; ought to be doable just about any time

I printed up my cards using gLabel <http://glabels.sourceforge.net/>;
others may wish to use other software...

Here's my gLabel document...

<?xml version="1.0"?>
<Glabels-document xmlns="http://snaught.com/glabels/2.0/">
  <Template name="Avery  5871" size="US-Letter" description="Business Cards">
    <Label-rectangle id="0" width="252pt" height="144pt" round="0pt" waste="0pt">
      <Layout nx="2" ny="5" x0="54pt" y0="36pt" dx="252pt" dy="144pt"/>
      <Markup-margin size="5pt"/>
    </Label-rectangle>
    <Alias name="Avery  5371"/>
  </Template>
  <Objects id="0" rotate="False">
    <Object-text x="13.5pt" y="14.625pt" w="0pt" h="0pt" justify="Left" a0="1" a1="0" a2="0" a3="1" a4="0" a5="0">
      <Span font_family="Bitstream Charter" font_size="14" font_weight="Regular" font_italic="False" color="0x000000ff" line_spac
ing="1">pub  1024D/6AA6A713 2002-03-14 </Span>
    </Object-text>
    <Object-text x="12.375pt" y="29.25pt" w="225.452pt" h="104pt" justify="Left" a0="1" a1="0" a2="0" a3="1" a4="0" a5="0">
      <Span font_family="Bitstream Vera Sans" font_size="16" font_weight="Regular" font_italic="False" color="0x000000ff" line_sp
acing="1">Christopher B. Browne <NL/><cbbrowne-xzRQuAxiFLNWk0Htik3J/w at public.gmane.org></Span>
    </Object-text>
    <Object-text x="13.5pt" y="65.8125pt" w="225.452pt" h="104pt" justify="Left" a0="1" a1="0" a2="0" a3="1" a4="0" a5="0">
      <Span font_family="Bitstream Vera Sans Mono" font_size="14" font_weight="Regular" font_italic="False" color="0x000000ff" li
ne_spacing="1">Key fingerprint = <NL/>A525 A16B 8635 51A0 AE33  <NL/>11D6 37B8 5950 6AA6 A713<NL/>sub  2048g/6F31906A <NL/>2002-0
3-14</Span>
    </Object-text>
  </Objects>
  <Data/>
</Glabels-document>

Attached is a .png of it...

I just printed off a sheet of 10 such "business cards;" feel free to
bring yours, as well as a piece or two of official photo ID (ideally,
passport + something else), and be a little early.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: output.png
Type: image/png
Size: 1781 bytes
Desc: GPG key/fingerprint for cbbrowne
URL: <http://gtalug.org/pipermail/legacy/attachments/20040712/92bb9cb7/attachment.png>
-------------- next part --------------
--
let name="cbbrowne" and tld="ntlug.org" in String.concat "@" [name;tld];;
http://www3.sympatico.ca/cbbrowne/nonrdbms.html
Never lend your car to anyone  to whom you have given birth to. 
--Erma Bombeck


More information about the Legacy mailing list