Virtual Keysignings

Burns burns@runbox.com
Sat Jun 7 03:28:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --- Daniel Luebke <list@daniel-luebke.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Everybody!
> 
> I have a question about keysigning: What do you think of signing
a
> person (or having a keysigning party) which is conducted through
a video
> link?
> On the one hand it would be a great opportunity to establish
trust (you
> can show your passport into the camera, the picture must match
the
> person), on the other hand you're doing this through an
untrusted medium
> (internet- or telefon-line-link) which you could indicate
through the
> sig-class?
> What are your opinions about this topic?
> 
> Thanks
> 
> Daniel

I still think there is no substitute for an in-person meeting with
a photo ID.

For an organized keysigning, I can't think of a better method than
the following outline (see URL below) to make sure that everybody
is "singing from the same sheet music"--without laboriously going
through every key fingerprint in the group. This method provides
enough confidence that everybody has checked their own key's
fingerprint (at home) from the pre-distributed public key block,
and then agrees (in the group) that they have derived the same md5
hash for the pre-distributed public key block as everyone else. As
a final safeguard, you can send the keys that you sign to the
owners, encrypted with the same public key that you just signed.


=======================================================

Efficient Group Key Signing Method
Revision 1.2

Document Author: Len Sassaman 

http://sion.quickie.net/keysigning.txt

=======================================================

gpg: Signature made Thu 11 Apr 2002 04:44:40 PM CDT using RSA key
ID 5DE480FC
gpg: Good signature from "Len Sassaman <rabbi@abditum.com>"
gpg:                 aka "L. Sassaman <rabbi@quickie.net>"
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to
the owner.
Primary key fingerprint: B115 73A8 91A8 05DC B26D  CBEB 4A0A 8149
5DE4 80FC

=======================================================

Randy


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+4T5GhNLaTSzsrh8RAs0wAJ9qxb/QGSRi5DuOzuBf/j2cRNjPRwCgr+c8
qoQRxoh8MvWOv1BI2/ogIXI=
=KcR7
-----END PGP SIGNATURE-----