IETF Logo Mail Archive

Re: pgp signing in van

Scott Kitterman <scott@kitterman.com> Sat, 07 September 2013 01:43 UTC

Return-Path: <scott@kitterman.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0E2521F8AD5 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 18:43:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbLQh7b-VEP2 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 18:43:25 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) by ietfa.amsl.com (Postfix) with ESMTP id 9F17421F8267 for <ietf@ietf.org>; Fri, 6 Sep 2013 18:43:25 -0700 (PDT)
Received: from mailout03.controlledmail.com (localhost [127.0.0.1]) by mailout03.controlledmail.com (Postfix) with ESMTP id E20E0956001; Fri, 6 Sep 2013 21:43:23 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2007-00; t=1378518204; bh=dsn1JY5tgcHzDbxKJQdGBLAlfutKtMP7gEjU2AOiFpM=; h=In-Reply-To:References:Subject:From:Date:To:From; b=jl3uhn46ZH6Bnze3dvJ9NP44ztuip5ZtQcdPy7r4r3AWRajhb7Ni/aNC9nhLgtLHI 68rChzhClsQ4ufgr1LM5CaK47DcEfizq4kStIfGfS1CqhRcAbcaQseZo4G/+Tfqjby ohe6q6eOnDhFFt3MhfLJ55SoIxpl+O2xkg/H2MS8=
Received: from [192.168.111.106] (static-72-81-252-21.bltmmd.fios.verizon.net [72.81.252.21]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 746B6D0404D; Fri, 6 Sep 2013 21:43:23 -0400 (EDT)
User-Agent: K-9 Mail for Android
In-Reply-To: <CAMm+Lwg6PGBLHvXrsNMhF-9Z_fSEo-+CWO-gdJedxk-Za62OVw@mail.gmail.com>
References: <m2zjrq22wp.wl%randy@psg.com> <2309.1378487864@sandelman.ca> <522A5A45.7020208@isi.edu> <CAMm+Lwg6PGBLHvXrsNMhF-9Z_fSEo-+CWO-gdJedxk-Za62OVw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: Re: pgp signing in van
From: Scott Kitterman <scott@kitterman.com>
Date: Fri, 06 Sep 2013 21:43:41 -0400
To: IETF Disgust <ietf@ietf.org>
Message-ID: <f1de5fb1-677d-4bcc-b8fd-4cb97f03e963@email.android.com>
X-AV-Checked: ClamAV using ClamSMTP
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Sep 2013 01:43:30 -0000

Phillip Hallam-Baker <hallam@gmail.com> wrote:
>On Fri, Sep 6, 2013 at 6:42 PM, Joe Touch <touch@isi.edu> wrote:
>
>>
>>
>> On 9/6/2013 10:17 AM, Michael Richardson wrote:
>>
>>>
>>> I will be happy to participate in a pgp signing party.
>>> Organized or not.
>>>
>>> I suggest that an appropriate venue is during the last 15 minutes of
>the
>>> newcomer welcome and the first 15 minutes of the welcome reception.
>>>
>>> Because:
>>>    1) the WG-chairs and IESG will all be there, and a web of trust
>>>       still needs some significant good connectivity, and we already
>>>       know each other rather well, without needing "ID"
>>>       (I am not interested myself in verifying anyone's
>NSA^WGovernment
>>>       identity. I don't trust that Certification Authority...)
>>>
>>>    2) getting newbies on-board, meeting them well enough to sign
>>>       their key seems like a good thing.
>>>
>>
>> And whose key would you sign? Anyone who showed up with a form of ID?
>>
>> I've noted elsewhere that the current typical key-signing party
>methods
>> are very weak. You should sign only the keys of those who you know
>well
>> enough to claim you can attest to their identity.
>>
>> If that's the case, how will this get newbies on-board except to
>invite
>> them to have keys whose signatures aren't relevant, and to devalue
>the
>> trust in WG-chairs and IESG members?
>>
>> Joe
>>
>
>I can write a key ceremony spec. I have done that before.
>
>Almost everyone arriving in Vancouver will have a passport in any case.
>The
>protocol will probably be something like provide your key etc data in
>advance, print something out and present that plus your ID document in
>the
>ceremony.

Here's one approach that works reasonably well:


http://www.debian.org/events/keysigning

The scripts in the mentioned signing party package make things much easier. 

Scott K

v2.23.0 | Report a Bug | By Email