[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP key-signing party?

To: phil@temples.com
Subject: Re: PGP key-signing party?
From: Jim Dennis <jimd@starshine.org>
Date: Sun, 10 Jan 1999 21:08:33 -0800
Cc: sage-members@usenix.org
In-Reply-To: <3697C173.D95C21CF@temples.com> Message Apparently From Phil Temples <phil@temples.com> Dated Sat, 09 Jan 1999 15:52:03 EST.
Sender: owner-sage-members@usenix.org


 
> Dear SAGE members,
 
> I've suggested to our local IT users group that we hold a PGP
> key-signing party at our next monthly meeting.  I've never actually been
> a part of a key-signing party, and so I am looking for suggestions on
> how to structure this critter.  I have given it some thought, and
> believe that I know the requirements, but I don't want to overlook
> anything.
 
> Comments (direct to me) if you have any, and I'll be glad to summarize
> for the list.  Thanks in advance.
 
> Phil

  I recently suggested something similar to a Linux users group
  of which I'm a member.  Here's that messages with some details
  about how I envision it.  I've been to a couple of PGP key signing
  parties --- though I didn't participate:

    

	One idea for an SVLUG/LinuxWorld Event:

		A GNUPG/PGP (GNU Privacy Guard) key signing
		party.

	GPG is pretty close to 1.x now (fully functional on Linux
	so far as I know) and will hopefully be widely adopted
	over the next few months.

	With the number of 'out-of-town' Linux enthusiasts that
	we hope to draw to this event --- including a number
	of bigname core developers, etc --- this would be a 
	rare opportunity to extend the "web of trust" through
	our digital signatures.

	Let me give a bit of background here:

	When you receive a digitally signed message which is 
	purportedly from me you have no direct way of authenticating
	that signature.  You could check my web pages to see if I've
	posted a PGP/GPG "fingerprint" (a two line cryptographic
	checksum of my public key).  But you don't know for sure
	that those are "my" web pages.  Likewise for e-mail
	infobots, finger, etc.

	If you've met me in person, and I gave you my key in 
	person then you can associate "me" (my face and voice)
	with that key.  If you checked my drivers license and/or
	passport when we met you can make a reasonably strong
	(in the legal sense) assertion that associates my 
	name and face  with my key.

	If someone you know (with some degree of "trust" ---
	say you've been meeting them at SVLUG meetings for a 
	couple of years, or they worked with you, or you're married
	to them, or something) introduces you to me; this also
	increases your confidence in who I am.  (In this you
	trust not only the honesty and integrity of the introducer,
	but their competance as well.

	That is the heart of the "web of trust."  We use digital
	signatures to sign public keys to say: "I'm reasonably
	certain that this key belongs to a person that I'm
	reasonably certain goes by this name at this e-mail
	address"  

	If I get a key that's signed by three or four people
	who I know and trust (I trust their competance and 
	don't perceive them as having any mutual self-interest
	in deceiving me) then I can be reasonably certain
	that the key is good (or *was* good at the time that it
	was signed).

	Once I get a (public) key signed by a number of people I can
	send it to a key server.  People can then query the key
	server (generally by e-mail address) to get keys that are
	associated thereby.  They can then make their own judgement
	based on the signatures attached to that key.

	The normal protocol for a keysigning party works something
	like this:

		Each participant creates their key pair 
		(private and public).

		They secure their private key (putting it 
		on a floppy, protecting it with a non-trivial
		passphrase, sequestering it on a "secure" 
		system, or whatever).

		They publish their public key.  That is that they
		make it available on a web page, ftp site, or
		via their .plan (if they maintain an account
		with finger enabled).

		They produce and print a "fingerprint" of their
		public key (and mail that to a "referee"). Then
		they show up in person at the key signing party
		with their key's fingerprint.

		The refereee, or any participant, prints many 
		copies of the list of fingerprints for everyone 
		who plans to attend the keysigning.

		At the party each fingerprint is read aloud ( or
		displayed on an overhead) and "claimed" by someone.
		People who are reasonably certain that they "know"
		that person will initial their copy of that
		fingerprint.

		Later, each of the people who is interested will
		go home, fetch copies those keys that belong to people
		they "trust" (believe that they know) add them
		to their keyrings and sign them.  They'll return the 
		signed keys to their owners.

		The keys that they've added to their keyring(s) will
		accumulate.  That becomes their web of trust.

	Here's where my understanding of the protocol breaks down.
	(Time to confess that I've never used signed PGP keys).  The
	idea is that I want to take the keys that I have, and the
	list of detached signatures to them and bundle them together
	to post them to my keyservers (public or private).  Then
	anyone grabbing the resulting key can look at the list of 
	signatures and assign a degree of confidence to that new
	key based on the number and nature of the people who signed
	it (with keys that *are* already on my key ring).

	If someone has accepted my key on their ring, and I later
	sign the key for a party that was previously unknown to 
	them, than that third party can offer a signed public key to
	the first party.  That first party will see my signature and
	(probably) decide to trust my signature to some degree.
	They will then add the third parties key to one of their 
	rings.  If that third party later signs the key of a fourth
	party --- the first party might not trust it (on that basis)
	but if the fourth party's key was signed by a couple of
	third party key holder (who appeared to have not mutual
	self-interest in deceiving me) I might accept that.

	Another method for authenticating keys is to call the 
	purported owner on the phone (using whatever level of
	phone directory you "trust") and ask them to read their
	key's fingerprint over that.

	Again, key signing and building the web of trust is
	particularly important at this point in the development
	of Linux.  There are a few hundred "world-wide known people" 
	in the community and the recent explosion of Linux' 
	popularity will mean that you will know far fewer of them
	by reputation.  (Also there have already been cases of 
	trojans and forged defamation on mailing lists and 
	newsgroups).  We need to address those concerns.
	

--
Jim Dennis  (800) 938-4078		consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org

References:
- PGP key-signing party?
  - From: Phil Temples <phil@temples.com>

Prev by Date: Favor - Sysadm Class Help
Next by Date: Teaching System Administration with limited hands-on
Prev by thread: PGP key-signing party?
Next by thread: Favor - Sysadm Class Help
Index(es):
- Date
- Thread