Slashdot Mirror

← Back to Stories (view on slashdot.org)

Organizing Large Key-Signing Events?

Posted by Cliff on from the keeping-the-trust-chain-intact dept.

FooBarBaz asks: "I'll probably be organizing a quite large (read ~ 300+ people) PGP/GnuPG-Key-Signing-Event. Everyone suspiciously eyeing each others ID and reading fingerprints to everyone else is quite out of the question with such numbers. How would you organize something like that and still be able to select 'I have checked very carefully' when GPG asks?"

15 of 31 comments (clear)

  1. ID by Komarosu · · Score: 3, Informative

    get all the attendees to bring ID in 3 forms. Utility Bill, Photo ID (passport/driving license), and a Cashcard/Bank statment. These 3 forms of ID will get you pritty much anything in the UK, from loans to mobile phone contracts.

    --

    "What do you mean you have no ice? Do you expect me to drink this coffee hot?" - Random Customer, Clerks
    1. Re:ID by WIAKywbfatw · · Score: 5, Insightful

      get all the attendees to bring ID in 3 forms. Utility Bill, Photo ID (passport/driving license), and a Cashcard/Bank statment. These 3 forms of ID will get you pritty much anything in the UK, from loans to mobile phone contracts.

      The odds are that the original questionner (Ask Slashdotter?) is American - only 5% of Americans own passports but, fortunately, most do have driving licenses that have a photograph on them. However, getting hold of a fake driving license is no problem in the US, and while a Texan might have no problem recognising a fake Texas license, s/he'll probably struggle to tell whether the license from Vermont that they've been presented with is the real mccoy.

      Utility bills are useful - until you realise that only one, maybe two, of the occupants in the average household will be responsible for paying the bills. Which means you're probably shit out of luck if you live with family, friends or are at college.

      Bank statements are also a mixed blessing. In the US, it's not uncommon for older kids (16+) to be issued with a credit card that's on their parents account. If you're a college student and this is you, then you probably never see a statement, and even if you do it's going to have one of your parents name on it not yours.

      Bottom line is this: try to be a little bit flexible when asking for identification. Not everyone has the same life, with the same neatly pigeon-holed pieces of paper.

      --

      "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
    2. Re:ID by gl4ss · · Score: 2

      gee. it would be really nice to live in a country where you could not except everyone to have any id.

      but anyways, i think the original asker asked that how would you organize such an event, because everyone checking each others id's would be very time taking.

      --
      world was created 5 seconds before this post as it is.
    3. Re:ID by anthony_dipierro · · Score: 2

      You could confirm many SSNs by looking at their driver's license, but not everyone has an SSN on their driver's license. You could say driver's license number and state, but not everyone has that either. Maybe name, birthdate, and birth city?

      This is really the silly part of PGP webs of trust. Each use is going to need something different. Better to sign a certificate stating exactly what identification you have checked. Writeup something saying "I have verified that [Person] has a driver's license listing the name [Name]" and another one saying "I have verified that [Person] has a driver's license listing the address [Address]" or whatever else the person wants you to confirm and sign it.

  2. Maybe your event isn't such a good idea afterall. by Lauritz · · Score: 5, Insightful

    If you can't check, you shouldn't trust. By trying to bypass some of the checks, you bypass your own security and the security of those who trust you.

  3. Re:huh? by Anonymous Coward · · Score: 2, Informative

    Some problems can only be avoided by or are much less of a problem after direct contact: Keys are associated with names, not human beings. To make the latter association, you have to verify that the name belongs to the person. This needs to be done to avoid impersonations ("identity theft"). Man-in-the-middle attacks can only be avoided if some information is exchanged, which is guaranteed to be untampered. Listening in is ok with public key systems, but if someone can present their keys in place of someone elses and you don't notice, the man in the middle can read and modify everything. The only safe way to verify the name-person relation is to meet in person. The PGP web of trust is a mechanism to reduce the amount of work which participants need to put into meeting eachother by delegating trust. It is not meant to avoid this step altogether. Meeting in person may also give you a better idea of the trustworthyness of the other person. You may want to differentiate between trusting the other person's key validity and your trust in the other person's ability to verify and reliably sign other people's keys.

  4. Cow market by jukal · · Score: 2, Funny
    I'll probably be organizing a quite large (read ~ 300+ people) PGP/GnuPG-Key-Signing-Event. Everyone suspiciously eyeing each others ID and reading fingerprints to everyone else is quite out of the question with such numbers. How would you organize something like that

    Have a group of 10 individuals (changing constantly) do the initial verfication of the IDs (passport, etc), then if it passes this test, display the IDs on the wall using a projector, while displaying the live-image of the guy/girl in another image on the wall. Now, if anyone does not say "BOOOOOOOO!" I think he has been pretty well verified.

  5. Verify the email addresses as well by Fluffy+the+Cat · · Score: 3, Informative

    1) Get everyone to mail their fingerprints to the organiser beforehand
    2) Set aside some time for verification. Get a big projector
    3) Get people to come up one by one, show their id and verify that their fingerprint is correct
    4) Remind everyone to check that the email addresses on the key are actually owned by the person owning the key (use that key to encrypt a message to each address with a unique cookie in. Ask the recipient to send it back to you either unencrypted or encrypted with your key).

    The last step is important, since otherwise I can claim to be billg@microsoft.com and you signing my key states that you believe me to be billg@microsoft.com. I can then send mail signed with that key, and people within your web of trust will get a message saying that there's a valid signature and that the sender is believed to be billg@microsoft.com.

    It really is important to verify all the information in the key, not just the name of the person.

  6. Webs of trust by pete-classic · · Score: 3, Insightful

    I'm no expert, but I thought that part of the idea was that people sign the keys of people they actually know. This forms an interlocking verification -- a web of trust.

    It sounds like you are trying to build a "monolith of trust." Maybe you are having trouble because your idea goes against the grain.

    -Peter

  7. Easy by rweir · · Score: 3, Interesting

    Just get everyone to come along with 50-odd copies of their fingerprint/address/etc. Everyone can wander around, introducing themselves to each other and exchanging fingerprints. Why not combine the practical with the social? Lord knows the type of people who go along to key-signing parties need all the help they can get:)

  8. How it was done at OLS by irix · · Score: 2

    Check out how this was done at years past at the Ottawa Linux Symposium.

    --

    Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
  9. Start Here by 4of12 · · Score: 3, Funny

    here.

    But you're right, there ought to be a little bit more granularity in the trust specfications.

    [Reminds me of when my brother in law sent me a Power of Attorney so I could act in his behalf for his minor son.

    I didn't tell him that I was thereby enabled to do a lot financial transactions on his behalf, sell his house, etc.]

    They need a few more questions, like:

    "I'd trust Alice with a loaded gun pointed at me after she's had 8 drinks and I rear-ended her new car."
    --
    "Provided by the management for your protection."
    1. Re:Start Here by John+Hasler · · Score: 2

      > "I'd trust Alice with a loaded gun pointed at me
      > after she's had 8 drinks and I rear-ended her new
      > car."

      Amusing, but I think it is important to emphasize that it's about whether this person is the rightful possessor of the passphrase for that private key, not whether she is a saint or an axe-murderer.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  10. How to run a keysigning party by Piquan · · Score: 2

    This is in multiple FAQs, the best of which is the top match on Google for "keysigning party". Read it. But here's the basic idea.

    1. Pick a keyserver.
    2. Have everybody send it their public keys.
    3. Make a table of everybody's owner (name and email addr), fingerprint, keysize, and algorithm, along with a checkbox. Make 300 copies.
    4. Rent an opaque projector, a screen, a microphone, stand, amp, speakers, and 300 chairs.
    5. Have everybody show up with ID, a pencil, a writing surface, a copy of their fingerprint, and a writing surface. No computers needed; this is NOT to be done digitally! (That's a bad idea; see above link for why.)
    6. Put a copy of the key sheet on the opaque projector. Call out the first name on the list. Have the key's owner should come up and put their ID on the opaque projector, and attest to the correctness of their own key on the projected list.
    7. Each attendee verifies that the ID is okay, the projected key matches what's on their copy, and checks off the ID.
    8. Repeat the last two steps 300 times.
    9. Attendees go home.
    10. Make a keyring for your attendees. Put it somewhere publicly accessible. (This is so not everybody has to repeat this step.)
    11. Attendees import the keyring. For each key they checked off, they verify that the key in the keyring matches, and sign it.
    12. Attendees upload their signatures to the keyserver.

    That's the basic idea. You can also do this as a mob, but for 300 attendees, that may be suboptimal.

  11. Re:Authencators by John+Hasler · · Score: 2

    > What you could possibly have are Authencators at
    > the event, when people enter the event there ID
    > and methods of validation can be checked.

    This is a very, _very_ bad idea. You should never _ever_ sign the key of someone you have not personally authenticated. What you are suggesting is equivalent to telling me that I should sign Wichert's key because I authenticated Scott and signed his key and he authenticated Wichert and signed his key.

    Divide your group of 300 into subgroups of such a size that all members of each subgroup can authenticate all the other members of that group in the time available. Then pick one representative from each subgroup and have these meet and authenticate each other. Now you have a complete web of trust for your group with no chain longer than three links.

    > Are the authencators trusted?

    Not as substitutes for personal authentication.

    > What happens to people without valid id?

    If they cannot satisfactorily identify themselves they do not get their keys signed.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.