[ale] PGP/GPG Session... RFC...

Michael H. Warfield mhw at wittsend.com
Tue Oct 15 13:47:29 EDT 2002


On Tue, Oct 15, 2002 at 04:07:12PM -0000, greg at turnstep.com wrote:

	Please watch your attributions...

	I wrote this:

> > Formal keysigning parties are time comsuming and require some
> > preparation and cooperation in advance.  If we have the same size crowd
> > that we had at this last meeting, a keysigning party will consume the
> > entire session.  If we want a keysigning party, I will need to start SOON
> > to call for keys and build a keyring and printouts.  A keysigning party
> > means everyone who wants their key signed comes prepared.

> Well, I disagree that it would take up the entire meeting: perhaps you 
> could have it before or after the regular meeting? Better yet, why not 
> give a class on how and why to generate a key, then hold a keysinging 
> the next month? Everyone who learned about GPG the first month will have 
> a chance to create their key and bring it to the next month's meeting 
> for the signing.

	A "formal" pgp keysigning party is not just a crowd milling
around swapping pgp key signature cards (that's WAY too inefficient,
especially with large groups).  It typically takes a couple of hours
at the IETF to go down the list of keys and introduce everyone and
project their credentials overhead on a screen for everyone to verify.
And there really isn't that terribly large of a crowd showing up for
those.  Comparable to the size of our meetings.

	Here is some of the pgp keysigning information written up
by Derek Atkins and followed by many keysigning parties and groups.

] Derek Atkins <warlord at mit.edu> has recommended this method:
] 
] - -----
]    There are many ways to hold a key-signing session. Many viable
]    suggestions have been given. And, just to add more signal to this
]    newsgroup, I will suggest another one which seems to work very well
]    and also solves the N-squared problem of distributing and signing
]    keys. Here is the process:
] 
]     1. You announce the keysinging session, and ask everyone who plans to
]        come to send you (or some single person who *will* be there) their
]        public key. The RSVP also allows for a count of the number of
]        people for step 3.
] 
]     2. You compile the public keys into a single keyring, run "pgp -kvc"
]        on that keyring, and save the output to a file.
] 
]     3. Print out N copies of the "pgp -kvc" file onto hardcopy, and bring
]        this and the keyring on media to the meeting.
] 
]     4. At the meeting, distribute the printouts, and provide a site to
]        retreive the keyring (an ftp site works, or you can make floppy
]        copies, or whatever -- it doesn't matter).
] 
]     5. When you are all in the room, each person stands up, and people
]        vouch for this person (e.g., "Yes, this really is Derek Atkins --
]        I went to school with him for 6 years, and lived with him for 2").
] 
]     6. Each person securely obtains their own fingerprint, and after
]        being vouched for, they then read out their fingerprint out loud
]        so everyone can verify it on the printout they have.
] 
]     7. After everyone finishes this protocol, they can go home, obtain
]        the keyring, run "pgp -kvc" on it themselves, and re-verify the
]        bits, and sign the keys at their own leisure.
] 
]     8. To save load on the keyservers, you can optionally send all
]        signatures to the original person, who can coalate them again into
]        a single keyring and propagate that single keyring to the
]        keyservers and to each individual.
] 
]    This seems to work well -- it worked well at the IETF meeting last
]    month in Toronto, and I plan to try it at future dates.

	If it takes a couple of minutes per person, 40 people could
consume an hour and a half to two hours, easily.  With our noisy
crowd at our meetings, that could be optimistic.  Remember, the
information (and the person) has to be visible long enough for
everyone to verify.  It's not a process that lends itself to speeding
up to any great extent.

	FIRST, the Forum of Incident Reaction Security Teams, has a
different proceedure for what they call their "PGP Keysigning Non-parties".
In this case, the organization goes to lengths to verify id's at each of
it's meetings (whether you are participating in the keysigning or not)
at the door.  It's also, generally, team members of a member team who are
already sponsored by an organization which is presume to take some care
in chosing and verifying their security people.

	Within the FIRST meeting, during the keysigning, id's are
further verified.  The person running the non-party documents all of
this and takes the key information (always important to have that
key signature card or your key fingerprint on your business card).
They then sign you key (later) and publish the list of "certified
verifications" and the fingerprints.

	We, as other participants, then have the option of accepting
their verification as first hand verification and signing the keys on
that meetings keyring ourselves.  That last bit is emphasised to be
entirely OPTIONAL.  Anyone who is NOT comfortable with signing a key
verified by a third party, even one as paranoid and pretigious as
FIRST, does not have to sign anything.  The only signatures offered as
part of the non-party are those of the two or three individuals running
it.  All other signatures are up to the individuals.  This is sort of
half way between a formal keysigning party and a mellee.  This, I do
NOT propose to do.  It still takes time, though.  I saw a dozen people
lined up through a half an hour break during a TC (Technical Colloquium)
and they manned the table almost throughout the last annual general
meeting and never built up a waiting line there.

	USENIX use to also sign keys at meetings at a desk, similar
to the FIRST non-party with an option to use "torn money" (covered
tear-away strips of secrets for post meeting verification) but they
decided that it was looking too much like they were becoming a PGP
key certifying authority and discontinued the practice several years
ago (which is one of the reasons I'm not proposing a non-party).

	I'm not sure who wrote the following.  A different message?
You might try using different indent characters when quoting from
two different messages...

> > That and I constantly loose my keys when servers die, etc is a bit of a
> > discouragement.

> One of the many advantages of keeping your key on removable media. :)

	Always KEEP A BACKUP.  Keep the backup secure, double encrypted
if you are really paranoid.  :->  Just keeping it on removable media doesn't
help if the floppy takes a coffee spill or the flash card fries (lost
one flash card recently).  Recent GPG versions have some smartcard support,
with patches, so that's an option for some of us as well.  But keep
more than one and keep them in different locations (like a safe deposit
box).  But, I'm getting into some of my presentation material, now.  >;->=>

> Greg Sabino Mullane greg at turnstep.com
> PGP Key: 0x14964AC8 200210151211

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list