Hybrid keysigning party, your opinion?

Peter Lebbing peter at digitalbrains.com
Thu Dec 8 14:55:12 CET 2016 

On 08/12/16 14:14, Stephan Beck wrote:
> Just some meditations:
> 
> So, the late attendees can see and hear that the ordinary participants 
> confirm the checksum and that their fingerprints check out?

Yes, the late attendees definitely need to be there at the beginning of the
party, verifying that the SHA256 checksum printed at the top of their scrubbed
list is the one being read aloud and hearing everybody confirm their fingerprint
is correct.

> One that was on the list and didn't show up would not get the required marks
> on () fpr () id ?

Correct, I actually cross out the full entry with my pen, but it would suffice
not to put a check mark on Fingerprint. A check mark on ID is totally out of the
question, that check mark indicates you have verified their identity!

> Would that person be (as uid-serial number, 001, 002, 003...) on the
> attendee's fingerprint-less list? But that person definitely would not end up
> as a person being included in the final list?

The list is *immutable*. It is finished before the event even starts, and has a
known SHA256 checksum.

People are not added to or removed from the list.

Late participants get the original list as it was sent to the early registrants,
with the precise, known SHA256 list.

After someone has verified they at least received the correct list
electronically, they're free to change whatever they like on the list for
themselves, *but not to send on to others*. It is vitally important that wat is
sent to people is the original list with the correct SHA256 checksum. And if
somebody is unable to get a list with the correct SHA256 checksum, they have
wasted their time with verifying the people on the list. But this would be an
odd situation: nobody is able to send them an unmodified file? I'd worry about
my computer and my internet connection then, not the time lost during the
keysigning.

> Then, by checking serial numbers, as you say, it's ok :-)

Checking serial numbers <-> UID mappings is /purely/ to catch out dishonesty on
the part of the person who printed the scrubbed lists for the late attendees. It
is not to account for changes in who was present and stuff like that.

Of course I'll provide the lists, so I for myself know they will be okay.
However, the other people would just have my word for it, and that is wholly
insufficient.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list