IETF Logo Mail Archive

Re: [72attendees] PGP keysigning procedure

Jeffrey Hutzelman <jhutz@cmu.edu> Thu, 31 July 2008 18:41 UTC

Return-Path: <72attendees-bounces@ietf.org>
X-Original-To: 72attendees-archive@ietf.org
Delivered-To: ietfarch-72attendees-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 97FAA3A6D04; Thu, 31 Jul 2008 11:41:57 -0700 (PDT)
X-Original-To: 72attendees@core3.amsl.com
Delivered-To: 72attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 81F513A68E0 for <72attendees@core3.amsl.com>; Thu, 31 Jul 2008 10:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.156
X-Spam-Level:
X-Spam-Status: No, score=-6.156 tagged_above=-999 required=5 tests=[AWL=1.843, BAYES_00=-2.599, GB_I_INVITATION=-2, J_CHICKENPOX_21=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kwAACv+M0Ush for <72attendees@core3.amsl.com>; Thu, 31 Jul 2008 10:41:50 -0700 (PDT)
Received: from chokecherry.srv.cs.cmu.edu (CHOKECHERRY.SRV.CS.CMU.EDU [128.2.185.41]) by core3.amsl.com (Postfix) with ESMTP id 726983A6892 for <72attendees@ietf.org>; Thu, 31 Jul 2008 10:41:50 -0700 (PDT)
Received: from [130.129.19.120] ([130.129.19.120]) (authenticated bits=0) by chokecherry.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id m6VHfvA2008179 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 31 Jul 2008 13:41:59 -0400 (EDT)
Date: Thu, 31 Jul 2008 18:41:57 +0100
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Zoltan.Ordogh@nokia.com, mohacsi@niif.hu, 72attendees@ietf.org
Message-ID: <DFDC97E610F98545495CAE7E@atlantis.pc.cs.cmu.edu>
In-Reply-To: <200807301404.m6UE4Agb025410@grapenut.srv.cs.cmu.edu>
References: <DEF2527E-AFC6-489E-ADBD-D2536DFDEEBA@bbn.com> <48902ABB.9020103@bogus.com><D7FC2D75-231E-4FA6-B7C2-3F217A8732BA@bbn.com> <20080730140049.W71006@mignon.ki.iif.hu> <200807301404.m6UE4Agb025410@grapenut.srv.cs.cmu.edu>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Disposition: inline
X-Mailman-Approved-At: Thu, 31 Jul 2008 11:41:56 -0700
Cc: jhutz@cmu.edu
Subject: Re: [72attendees] PGP keysigning procedure
X-BeenThere: 72attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion list for the attendees of IETF 72 meeting." <72attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/72attendees>, <mailto:72attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/72attendees>
List-Post: <mailto:72attendees@ietf.org>
List-Help: <mailto:72attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/72attendees>, <mailto:72attendees-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: 72attendees-bounces@ietf.org
Errors-To: 72attendees-bounces@ietf.org

--On Wednesday, July 30, 2008 05:03:10 PM +0300 Zoltan.Ordogh@nokia.com 
wrote:

> I was wondering what it is, too.

I'm pretty sure Janos was asking for information about the specific 
procedures we would use, rather than the more general "what is it".  Since 
he managed to send in his key in time and showed up at the session, I 
presume he got the information needed.

The key-signing is nothing more or less than an opportunity to get together 
with other people who also have PGP keys for the purpose of signing each 
other's keys.  Key signatures are the basis of PGP's web-of-trust model; 
they are an assertion by the signer that the signed key actually belongs to 
a particular person.

> From the invitation I understood it goes on paper. For some reason which
> I do not quite understand (we should be preserving the environment
> instead of chopping wood for such reason).

The parallel fingerprint verification scheme we use works best if, instead 
of having to manually record each 160-bit fingerprint, participants start 
with a list of fingerprints and merely have to verify that they are 
correct.  Traditionally, that list is distributed both online and on paper; 
many people prefer the paper form for various reasons.  Personally, I find 
that my on-paper notes about which fingerprints are valid are much harder 
for a remote attacker to modify than an electronic version would be. 
Others may show up to the session without a laptop; hard as it is to 
believe, some IETF attendees still do not bring laptops.


> The thing is that 'they' never provide proper description in the
> invitation, so I guess it's a private club for those who know, or those
> who dare.

I'm sorry you feel that way.  It's certainly not a private club; key 
signings are open to anyone who wants to participate.  However, I've 
basically assumed (as did Ted Ts'o, when he was running these) that the 
only people who will want to participate are those who have or are thinking 
about generating PGP keys, and that for _those_ people, the phrase "PGP key 
signing party" is sufficient description, and the rest of the invitation 
enough detail to successfully participate.  Perhaps that assumption is 
invalid; if so, please let me know what the invitation could have said that 
would make it clearer what is going on.

> My - probably non-sense - guess is that it works like a lottery; you pick
> someone's name from Santa's hat and you get to sign a message together.

Not at all -- we use a procedure designed to scale linearly for even a 
large number of participants, while allowing everyone to potentially get a 
signature from everyone else.  No hats are involved.


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
72attendees mailing list
72attendees@ietf.org
https://www.ietf.org/mailman/listinfo/72attendees

v2.23.0 | Report a Bug | By Email