From: “Perry E. Metzger” <perry@piermont.com>
To: Weld Pond <weld@l0pht.com>
Message Hash: c1770801449ddab9334755dccb9f9a3f6ddddb5d590419c869557aca70814834
Message ID: <199601232140.QAA11115@jekyll.piermont.com>
Reply To: <Pine.BSD/.3.91.960123143344.3181A-100000@l0pht.com>
UTC Datetime: 1996-01-23 23:59:26 UTC
Raw Date: Wed, 24 Jan 1996 07:59:26 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 07:59:26 +0800
To: Weld Pond <weld@l0pht.com>
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <Pine.BSD/.3.91.960123143344.3181A-100000@l0pht.com>
Message-ID: <199601232140.QAA11115@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Weld Pond writes:
> This begs the question, "How would you conduct an efficient key signing
> given what you have learned?" I am in the process of organizing one and
> would like to get input as to the best way that this should take place.
The IETF key signing parties are the largest in existance -- about 100
people exchange signatures.
The way you handle it is this:
Every person's key is pre-submitted to key signing party organizer,
who prints a list of names and fingerprints on paper and xeroxes
enough for everyone attending.
Each person gets a sheet. Either each person in the room reads their
fingerprint in turn from their own copy, with each person in the room
checking the read fingerprint against the fingerprint on the handout,
or an appointed reader (or set of readers at the last IETF) read the
fingerprints in turn and ask the owner of the key to then simply say
"yes" or "its mine" or whatever to verify that the fingerprint matches
their own copy of the print.
Afterwards, each person will have a sheet with checkmarks next to
every fingerprint they think really belongs to a particular person's
key. They then go off later on, download the keyring for the party
from sonewhere, and sign everything they want to sign and mail back
the signed keys to the party organizer.
This is about the only way to handle things -- it turns the N squared
problem into an O(N) problem, which is still very bad if there are
more than about twenty people around.
Perry
Return to January 1996
Return to “Weld Pond <weld@l0pht.com>”