[kwlug-disc] PGP Keysigning Protocol
cdfrey at foursquare.net
Sun Sep 5 15:16:29 EDT 2010
The guideline looks good to me. Looks very streamlined.
I can organize the keyring.
Everyone who wants to participate in the keysigning party, please
reply to this email, to the list, and either include your public
key in the email, or a pointer to where I can grab it.
On Fri, Sep 03, 2010 at 10:28:00AM -0400, Paul Nijjar wrote:
> This month's KWLUG meeting is supposed to feature a key-signing party.
> Bob forwarded the following guidelines for the party to me.
> Do we agree with these guidelines?
> Do we have a KeyMaster who will be in charge of the organizing?
> - Paul
> ----- Forwarded message from Bob Jonkman <bjonkman at sobac.com> -----
> Hi Paul: Here is the text of the PGP keysigning protocol that does not
> require computers or coercive-authority identification. This is what we
> used at the initial meetings of the Toronto Cypherpunks, although later
> meetings devolved into exhibitions of identification cards of the
> afore-mentioned coercive authorities...
> The PGP FAQ is at <URL:http://www.pgp.net/pgpnet/pgp-faq/>
> 6.7 What's a key signing party?
> A key signing party is a get-together with various other users of PGP
> for the purpose of meeting and signing keys. This helps to extend the
> "web of trust" to a great degree.
> 6.8 How do I organize a key signing party?
> Though the idea is simple, actually doing it is a bit complex,
> you don't want to compromise other people's private keys or spread
> viruses (which is a risk whenever floppies are swapped willy-nilly).
> Usually, these parties involve meeting everyone at the party,
> verifying their identity and getting key fingerprints from them, and
> signing their key at home.
> Derek Atkins <warlord at mit.edu> has recommended this method:
> There are many ways to hold a key-signing session. Many viable
> suggestions have been given. And, just to add more signal to this
> newsgroup, I will suggest another one which seems to work very well
> and also solves the N-squared problem of distributing and signing
> keys. Here is the process:
> 1. You announce the keysigning session, and ask everyone who plans
> come to send you (or some single person who _will_ be there)
> public key. The RSVP also allows for a count of the number of
> people for step 3.
> 2. You compile the public keys into a single keyring, run "pgp -kvc"
> on that keyring, and save the output to a file.
> 3. Print out N copies of the "pgp -kvc" file onto hardcopy, and
> this and the keyring on media to the meeting.
> 4. At the meeting, distribute the printouts, and provide a site to
> retrieve the keyring (an ftp site works, or you can make floppy
> copies, or whatever -- it doesn't matter).
> 5. When you are all in the room, each person stands up, and people
> vouch for this person (e.g., "Yes, this really is Derek Atkins --
> I went to school with him for 6 years, and lived with him for
> 6. Each person securely obtains their own fingerprint, and after
> being vouched for, they then read out their fingerprint out loud
> so everyone can verify it on the printout they have.
> 7. After everyone finishes this protocol, they can go home, obtain
> the keyring, run "pgp -kvc" on it themselves, and re-verify the
> bits, and sign the keys at their own leisure.
> 8. To save load on the keyservers, you can optionally send all
> signatures to the original person, who can collate them again
> a single keyring and propagate that single keyring to the
> keyservers and to each individual.
> Last updated: 05 Nov 1997.
> Copyright (C) 1996 by Arnoud Engelfriet. Comments, additions and
> Bob Jonkman <bjonkman at sobac.com> http://sobac.com/sobac/
> SOBAC Microcomputer Services Voice: +1-519-669-0388
> 6 James Street, Elmira ON Canada N3B 1L5 Cel: +1-519-635-9413
> Software --- Office & Business Automation --- Consulting
> ----- End forwarded message -----
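Step 7 of the quoted protocol, as an added example that is not part of the original thread or the PGP FAQ: a Python check that the keyring fetched after the meeting contains the keys whose fingerprints were ticked off on the printout, and flags the ones that do not match. It assumes GnuPG's `gpg --with-colons --fingerprint` listing as a present-day stand-in for the `pgp -kvc` output; the function names and every fingerprint in the sample are constructed for illustration.

```python
def normalize(fpr):
    """Drop spacing and case so a printed fingerprint compares with gpg output."""
    return "".join(fpr.split()).upper()

def primary_fingerprints(colon_listing):
    """Return {primary fingerprint: first user ID} from gpg --with-colons output."""
    keys, last_key_record, current = {}, None, None
    for line in colon_listing.splitlines():
        field = line.split(":")
        if field[0] in ("pub", "sub"):
            last_key_record = field[0]
        elif field[0] == "fpr" and len(field) > 9:
            # An fpr record describes the pub/sub record just before it; only
            # primary keys get certified, so subkey fingerprints are skipped.
            current = normalize(field[9]) if last_key_record == "pub" else None
            if current:
                keys[current] = None
        elif field[0] == "uid" and current and keys[current] is None and len(field) > 9:
            keys[current] = field[9]
    return keys

def reconcile(colon_listing, ticked_on_printout):
    """Sort the downloaded keyring into keys to sign and keys to leave alone."""
    keyring = primary_fingerprints(colon_listing)
    verified = {normalize(f) for f in ticked_on_printout}
    return {
        "sign": sorted(f for f in keyring if f in verified),
        "unverified_in_keyring": sorted(f for f in keyring if f not in verified),
        # Ticked on paper but absent here: this is not the keyring that was printed.
        "verified_but_missing": sorted(verified - set(keyring)),
    }

# Constructed sample data: placeholder fingerprints, not real keys.
ALICE, ALICE_SUB, BOB, DAVE = ("A1" * 20, "A2" * 20, "B1" * 20, "D1" * 20)
SAMPLE_LISTING = "\n".join([
    "pub:-:2048:1:%s:1283000000:::-:::scESC:" % ALICE[-16:],
    "fpr:::::::::%s:" % ALICE,
    "uid:-::::1283000000::0000::Alice Example <alice@example.org>:",
    "sub:-:2048:1:%s:1283000000::::::e:" % ALICE_SUB[-16:],
    "fpr:::::::::%s:" % ALICE_SUB,
    "pub:-:2048:1:%s:1283000000:::-:::scESC:" % BOB[-16:],
    "fpr:::::::::%s:" % BOB,
    "uid:-::::1283000000::0000::Bob Example <bob@example.org>:",
])
# Fingerprints ticked on the printout after being vouched for and read aloud.
TICKED = ["a1a1 a1a1 a1a1 a1a1 a1a1  a1a1 a1a1 a1a1 a1a1 a1a1", DAVE]

if __name__ == "__main__":
    for bucket, fprs in reconcile(SAMPLE_LISTING, TICKED).items():
        print(bucket, fprs)
```

Only the keys in the `sign` bucket match what was checked in the room; anything in the other two buckets should be left unsigned until the difference is explained.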