Keysigning party methodology: Sassaman-Efficient & centralizing printing

Robin H. Johnson robbat2 at gentoo.org
Mon Aug 20 19:47:48 CEST 2012


This is from a thread back in January, I've deliberately split it to
ask for a clarification.
Original thread:
Message-ID: <87vcnt8d3b.fsf at vigenere.g10code.de>                                                                                                            
From: Werner Koch <wk at gnupg.org>                                                                                                                            
Subject: Re: [PATCH] Allow printing key digests in key edit   

On Mon, Jan 30, 2012 at 03:44:08PM +0100, Werner Koch wrote:
> On Mon, 30 Jan 2012 14:36, christian at quelltextlich.at said:
> > - Is it feasable to ask people to check printouts of SHA2 digests before
> >   coming to key-signing parties?
> [ And you should not use the key checking method you have in mind.
>   Exchanging paper slips is the only solid way to run a key signing
>   party.  I am really sorry, that we came up with that crypto-cool key
>   signing scheme back at the Utrecht keyserver admins back in 2000.  It
>   does not work in practice. ]

I've seen some prior mentions of problems in crypto-cool parties, but
I'd like to know if this means that the Sassaman-Efficient method should
NOT be used.
http://www.keysigning.org/methods/sassaman-efficient

I also have some additional comments & queries about Sassaman-Efficient
and running large parties:

1. If anybody is daunted by Before:step#3, there are tools for it:
- gpgparticipants in the signing-party package (plain text output)
- pius-party-worksheet in PIUS (HTML output)
Having sane page-breaks in text file is really useful important as well.

2. Having to deal with a few pages of paper is a vast improvement on N
small pieces of paper with key signatures.

3. The original directive is for participants to print their OWN copy.
If they are travelling a long way and the list is only ready very close
to the event, this is problematic: 
- they don't want the hassle of carrying the paper
- they might forget it
- if it's only ready close to the event, there is a scramble for EACH of
  them to find printing services.
As such, I would like to propose the following set of variations, to
alleviate this problem (latecomers still give paper slips, but everybody
else is on a centrally printed copy).

Changes to the "Before The Event":
- Organizers submit the list file to a timestamping service.
- The participants download & checksum-verify the final list before the party. 
  They can optionally print it, but the important thing is that they
  have downloaded it.
- The organizers print enough copies of the list for everybody PLUS any
  latecomers.
- All latecomers should have their key paper slips!

Changes to the "At The Event"
- Organizers distribute their printed copies to everybody, including
  those come late or did not have their keys submitted in time.
- Each participant checks that their own key is correct (check #1
  against the organizers being honest).
- Several participants can (should) also optionally have their own
  printed copies as check#2 for honest organizers. The human eye is
  quite good as spotting small differences in comparison (when not
  distracted by other tasks, so the gorillas are seen), so optically
  checking their own copies against the organizer copies is useful.
- When each participant announces that that their key is correct, take
  care to include the key ID.
- Latecomers should join the very end of the ID line, and give the other
  person their slip like normal.

Changes to the "After The Event"
- If a participant did not download the file before the party, they
  should use the timestamping service results to check that it has not
  been modified since the party.
- In step #2, the participants must also check the final list that they
  downloaded. It should be identical to the printed copy they were given
  by the organizer (check #3 that the organizers were honest).

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2 at gentoo.org
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85



More information about the Gnupg-devel mailing list