From: Bruce Baugh <bruceab@teleport.com>
Date: Wed, 24 Jan 1996 09:12:33 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960123231308.006a1fa8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


>This begs the question, "How would you conduct an efficient key signing 
>given what you have learned?" I am in the process of organizing one and 
>would like to get input as to the best way that this should take place.  
>Should people bring key fingerprints and public keys on floppy?  Would it 
>be nice to be online and grab public keys off of a key server? How would 
>you conduct a nym signing?

I'd go for somewhat clearer instructions than seem available. To wit:

1) Each participant, send your public key in ASCII armored form to the one
coordinating the signing.

2) The coordinator will collate these into a single key file and have a list
of key IDs and fingerprints.

3) Bring a printout of your key's fingerprint. You will read this off for
others to compare with their copies of the coordinator's list. Have ID and
such to show that you're you, or some other way of establishing that you are
who you say you are. (In our case, everyone could be vouched for by at least
one other person known to the others.)

4) The coordinator will [send by email|pass out on disk|whatever] the
collated key file. Back home, sign each of the keys that actually got
verified at the signing. Mail this back to the coordinator.

5) The coordinator will collate the results of this, and send you the new
version. Add these. Now you've got your key and the other keys, all signed
by everyone there.

Grabbing keys off a server would certainly be doable, too. The key (no pun
intended) thing is that people have their fingerprints in a useful form - so
when we do it again, I hope Alan specifies printout, handwritten text, or
something else that doesn't require a computer. And of course folks
shouldn't bring their actual secret keys with them.

The nym signing is an idle thought of mine. I have a nym key which is, at
the moment, signed only by itself. I know friends of mine have nym accounts.
if we could assemble a group of folks whom I can trust enough to link the
nym and myself, it'd be nice to add some more signatures to the nym key, and
vice versa.

On the other hand, the accumulated signatures would probably point right
back at any group talking about such a thing, like me right now. :-)

Maybe it's infeasible.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab