Recording keysigning attendants on phone (was: Hybrid keysigning party, your opinion?)

Peter Lebbing peter at
Thu Dec 8 12:20:01 CET 2016

On 08/12/16 07:29, Lachlan Gunn wrote:
> If I understand correctly, the late attendees still get a copy of the
> fingerprints after the fact, they just don't have it on their sheet of
> paper.  The fingerprint-less piece of paper just lets them keep a record
> of who they have verified, and gives them a hash of the list that does
> have the fingerprints, which they can compare with the people who were
> ready beforehand (to make sure that the fingerprints have been verified
> by the identity holders).

Yes, that is spot on what I had in mind. What do you think?

> Does the idea have flaws that I'm blind to?

I can't say as to your perception, but all these "verify at the party, sign
after the party" share the problem that the list could be modified in the time
between verifying and signing.

Somebody could picpocket your list, add checkmarks with the same type of pen you
used, and then sneak it back into your possession. That's a physical act that
requires an intimate level of proximity.

A phone or tablet is a wirelessly connected device that could be hacked from a
distance, and it could be done even before the keysigning.

I'd say the latter is in principle more vulnerable; but it depends on your
threat model. If, for instance, you've already concluded that you want to have
your primary key on the same phone or tablet, it doesn't matter anymore if you
then also keep this party list on there.

For the sake of my sanity and the fact that I'll need to make the decision about
the 33C3 keysigning soon, let's please not mingle these subthreads. If you reply
to my "What do you think?", I'd suggest re-instating the previous Subject:-line :-).

Thank you!


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list