Jeff Abrahamson on Thu, 6 Mar 2003 12:42:08 -0500 |
On Thu, Mar 06, 2003 at 11:54:57AM -0500, gabriel rosenkoetter wrote: > On Thu, Mar 06, 2003 at 10:23:56AM -0500, Michael Leone wrote: > > Oh? I had received 2 new keys, which I put into the keyring. I got another > > one at like 6PM last night. (as a side note, sending me a key less than an > > hour before a meeting you want to be keysigned at ... is not enough > > notice. :-) I will add you in, tho, and you can get signed at the next > > keysigning. > > Sure, but doing keysigning the way we've been doing it is getting to > be pretty unmanageable. > > Jeff would like to just have everyone's keys in a file, run SHA1 on > that, compare the checksum you see at the meeting with one you > compute yourself on the same file, and know that everyone's > signature matches up. I think there are some serious failings with > that plan: I have a couple knits: > - Everyone involved had really better understand how it works, or > they're liable to do it wrong. This is true for all the schemes. > - Latecomers are completely screwed. This is semi-true for all schemes, although it's true that it's easier to run gpg-key2ps before leaving home/office than it is to remember to mail a key in advance. > - The uniqueness of SHA1 is still open to comment. We're already > trusting it once for the fingerprints; maybe we'd rather not trust > it again for this. Uniqueness is not open to comment: it is not unique. (The range is larger than the domain.) The assurance is that different things you happen to have are highly unlikely to hash to the same value, and given a hash value, it is hard to find a pattern that hashes to it. I'm knit picking, as I said. > - An error in ANY key aborts the whole keysigning for everyone. No, just that one key would be unuseful, the rest of the sheet is fine. We would all have computed the hash based on the same file. One's not even required to prepare in advance, in the sense that you could compute the hash when you go home that night. That said, I'm not averse to the decentralized approach of everyone bringing key strips with them. I would just like to see us get away from the current approach, which is too time consuming *and* requires centralized planning. -Jeff > Problems with our current plan are similar: > > - Latecomers: screwed. > - If you don't understand the process, you've got a good chance of > doing it wrong. Like say last night when one participant blithely > read his fingerprint from the sheet of paper I provided without > first verifying it. > - It takes an inordinate amount of time. Having each user verify > their key fingerprint on the sheet of paper we hand out would make > this easier, but this leaves it open for people to connect from > someone else's laptop or USIP's computers to their own machines to > check their fingerprint. That's not a good idea, for what I hope are > obvious reasons. > > I would much prefer this approach: > > - Participants bring their own key fingerprint printouts. Ideally > using gpg-key2ps[1]. > - Either: > - Each person meets with each other person, exchanges key2ps > slips, checks each others' ID, discusses the ways in which > they'd like their signatures returned, then moves on to another > pairing. > Or: > - Each person starts their photo ID around the circle, then walks > around individually distributing key2ps slips to each person. > I'm in favor of the first version, as it completely avoids the > only potential pitfall (passing a stack of one person's key2ps > slips from one person to the next, which lets anyone along the way > replace the strips with their own in an effort to compromise the > system). > > I like this approach best because: > > - No special knowledge is required. "Don't let someone else prove > your identity for you," maybe, but that's something you should know > anyway and it's certainly plenty present in the other approaches. > - It's more social. Instead of standing silent speaking one at a > time, everyone gets to have a brief conversation with everyone > else. > - Latecomers: NOT screwed. As long as they bring their fingerprint > printout. > - It happens FASTER. Even if we still do the circle approach, > there's no "listening and verifying fingerprint" step, there's just > checking the ID and taking the owner-endorsed slip of paper home > with you to verify there. > - One bad fingerprint is just that, one bad fingerprint. Nothing > breaks down based on it. > - No maintenance of a PLUG keyring (which seems to include some > random signing-only keys from CERT and Micrsoft right now... > any reason for that?) is necessary, though it doesn't hurt.[2] > > Thoughts? -- Jeff Jeff Abrahamson <http://www.purple.com/jeff/> GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B Attachment:
pgpTVwJWJ17jS.pgp
|
|