| gabriel rosenkoetter on Fri, 28 Jun 2002 13:10:09 +0200 |
|
On Thu, Jun 27, 2002 at 08:49:43PM -0400, Darxus@chaosreigns.com wrote: > USP has this equipment in each of the rooms we've used there. Reeeeeally. Well, let's use 'em! This will shave the ridiculous amount of time off the keysigning for sure. The wasted time is clearly in the passing the ID around the room, when only two people are actually doing something at the same time, and one of those people is just doing "being looked at". > ...still pondering the MD5 thing. One issue is it would require every > participant to have a useable printer (which I don't). I have yet to see any explanation of what you would do if the md5 sum doesn't match. Everyone stops and redownloads the file? What if you're attacker is a mitm between that locations internet access and the location of the file? What does it imply if the person who generated the text file has a different md5 sum than everyone else? What if some of your participants use an OS with different line break characters and (accidentally) converted the file in downloading, meaning the md5 sum doesn't match? Too many potential problems, imho, even if you do trust md5 to generate securely unique sums. -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgphXBCnkrofb.pgp
|
|