Proposal for easing keysigning at meetings

A little hallway conversation led to a consensus that NCC-Services is the correct place to suggest this idea; it's a minimal-cost suggestion for aiding crypto key-signing via the RIPE conference registration.

The main issue with exchanging crypto keys (eg PGP) is verifying that all the information has been copied correctly and spending the actual time to do it.

If the online registration form has an optional field to supply a key fingerprint, then those who supply this will have their fingerprint listed in the attendee list and shown on their registration badge (optionally with keyid if not embedded in fingerprint).

Then, if you're interested in verifying keys at the level of "I've talked to this person and someone has paid a few hundred euros for him to attend a conference in his name" or greater trust, then you can glance over the fingerprint on the badge, versus that on the list, and just tick the item. Then, later, working through the list you can just retrieve/sign/upload those keys which you've ticked.

Benefits:
 * makes valid key-signing friendlier to the lazy and those without a surface to easily write on (or a PDA or ...)
 * so web of trust more likely to be established at RIPE meetings

Disadvantages:
 * minimal change to registration form, slightly longer printouts
 * it's not _entirely_ free, but it's once-off minimal development and probably some text in the booklets explaining the system (and why people shouldn't just sign every key on the list)

Does anyone think that this is a good idea, or a violently stupid idea? Should RIPE be doing this?

(I actually proposed this at LISA a couple of years ago and the staff-member liked it and thought they'd try this at a USENIX Security conference, but I heard nothing more about it)

-- 
Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands
NL Sales: +31 20 422 20 00
Thus Plc
NL Support: 0800 33 6666 8

Hi,

| Then, if you're interested in verifying keys at the level of "I've
| talked to this person and someone has paid a few hundred euros for him
| to attend a conference in his name" or greater trust, then you can
| glance over the fingerprint on the badge, versus that on the list, and
| just tick the item.

Good idea and I'm all for it.

-- 
Kind regards,
Pim van Pelt
Business Internet Trends BV
PBVP1-RIPE

----- Original Message -----
From: "Pim van Pelt" <pim@bit.nl>

> Hi,
>
> | Then, if you're interested in verifying keys at the level of "I've
> | talked to this person and someone has paid a few hundred euros for him
> | to attend a conference in his name" or greater trust, then you can
> | glance over the fingerprint on the badge, versus that on the list, and
> | just tick the item.
>
> Good idea and I'm all for it.

I'm not. One reason is that I think it is a bit deprecated, and if I wanted to collect stamps I would go to a stampshop. The other is that RIPE is implementing X509 authentication. I think it would certainly be much better to do something that was related to this than doing something that was not... if possible.

Joergen Hovland (ENK)

Subject: Re: [ncc-services-wg] Proposal for easing keysigning at meetings
Date: Tue, Sep 02, 2003 at 05:30:04PM +0200
Quoting Jørgen Hovland (jorgen@hovland.cx):

> I'm not. One reason is that I think it is a bit deprecated, and if I
> wanted to collect stamps I would go to a stampshop. The other is that
> RIPE is implementing X509 authentication. I think it would certainly be
> much better to do something that was related to this than doing
> something that was not... if possible.

I disagree -- but then again I do not understand this X509 stuff. PGP works and I can decide how much I want to trust it. I have the highest regards for RIPE NCC, but I like to avoid pyramidal trust if I can.

-- 
Måns Nilsson, Systems Specialist
+46 70 681 7204
KTHNOC
MN1334-RIPE

I'm EMOTIONAL now because I have MERCHANDISING CLOUT!!

On 2003-09-02 at 18:43 +0200, Mans Nilsson wrote:
> Quoting Jørgen Hovland (jorgen@hovland.cx):
> > I'm not. One reason is that I think it is a bit deprecated, and if I
> > wanted to collect stamps I would go to a stampshop.

*ROTFL* These are a bit more useful than historical stamps, but the character description is a fair jab. :^) But those of us who collect signatures do so because it achieves something, not _just_ because it satisfies some boyish collector instinct (I've just realised that I don't think I've ever seen a woman at a keysigning).

> > The other is that RIPE is implementing X509 authentication. I think
> > it would certainly be much better to do something that was related to
> > this than doing something that was not... if possible.
>
> I disagree -- but then again I do not understand this X509 stuff.

I don't understand X509 sufficiently to make suggestions, but if it does allow for distributed trust, such as PGP/GPG/whatever's web-of-trust, then the proposal for RIPE doesn't exclude it. The proposal is for "crypto keys", not "PGP keys" even though they're the most obvious and likely beneficiary.

As far as I'm concerned, the collected information should be treated as a blob of text. It can be PGP, X<nnn>, or anything else. A bit like the early flexibility of the RIPE database -- don't prohibit content. The key (bad pun, sorry) is to reduce the potential for human error in transcription and reduce the work required per key/identity verification.

Perhaps amend the original suggestion to explicitly collect a pair, "crypto system"/"crypto pub-key".

Crypto: PGP / 6F99 1154 7B13 3294 F1FB 78A7 2622 C81A 9525 CBBA

Another private reply suggested that I collect private replies and report tallies to the list. I'm willing to do this.

-- 
Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands
NL Sales: +31 20 422 20 00
Thus Plc
NL Support: 0800 33 6666 8
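The procedure in the original proposal (fingerprint on badge and attendee list, compare, tick, then retrieve/sign/upload the ticked keys) and the "crypto system"/"crypto pub-key" pair suggested in this message, as an added Python example that is not part of the thread or of any RIPE NCC tooling. It normalises the free-text pub-key field, validates OpenPGP fingerprints (deriving a key ID only where it is actually embedded, which is the v4 case the proposal's "optionally with keyid" remark covers), keeps anything else as an opaque blob, and compares the full fingerprint of a key retrieved later against the ticked entry before anything is signed. The list format, the attendee names and every fingerprint except the one quoted above are constructed sample values.

```python
"""Added example: normalise and check registration-form key entries, then
verify a retrieved key's fingerprint against the ticked entry before signing.
The 'Name; System / pub-key' line format and all sample data are constructed."""

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEX_RE = re.compile(r"^[0-9A-F]+$")


@dataclass(frozen=True)
class RegisteredKey:
    attendee: str
    system: str            # free text, as the thread suggests (PGP, X509, ...)
    raw: str               # pub-key field exactly as typed on the form
    fingerprint: str       # normalised: uppercase hex, no separators
    keyid: Optional[str]   # only derivable for OpenPGP v4 fingerprints


def normalise_fingerprint(text: str) -> str:
    """Drop whitespace, ':' and '-' separators and an optional 0x prefix."""
    compact = re.sub(r"[\s:\-]", "", text).upper()
    return compact[2:] if compact.startswith("0X") else compact


def classify_pgp(fp: str) -> Tuple[str, Optional[str]]:
    """('v4', keyid) for a 160-bit fingerprint, whose long key ID is its last
    64 bits; ('v3', None) for a 128-bit MD5 fingerprint, where the key ID is
    not embedded and must be printed separately. Anything else is rejected."""
    if not HEX_RE.match(fp):
        raise ValueError("non-hex characters in fingerprint")
    if len(fp) == 40:
        return "v4", fp[-16:]
    if len(fp) == 32:
        return "v3", None
    raise ValueError(f"unexpected fingerprint length {len(fp)}")


def parse_attendee_list(lines: List[str]) -> Tuple[List[RegisteredKey], List[Tuple[str, str]]]:
    """Parse the constructed 'Name; System / pub-key' lines. Entries that fail
    validation are reported, not silently dropped, so the form can be fixed."""
    good, bad = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            name, crypto = line.split(";", 1)
            system, key = (part.strip() for part in crypto.split("/", 1))
        except ValueError:
            bad.append((line, "malformed entry"))
            continue
        fp = normalise_fingerprint(key)
        keyid = None
        if system.upper() == "PGP":
            try:
                _, keyid = classify_pgp(fp)
            except ValueError as exc:
                bad.append((line, str(exc)))
                continue
        good.append(RegisteredKey(name.strip(), system, key, fp, keyid))
    return good, bad


def check_retrieved_key(entry: RegisteredKey, retrieved_fp: str) -> Tuple[bool, Optional[List[int]]]:
    """The step after ticking: compare the fingerprint of the key actually
    retrieved from a keyserver with the registered one. The whole fingerprint
    is compared, never just the key ID, because distinct keys can share a key
    ID. Returns (ok, positions that differ) so a single miscopied digit can be
    pointed at; None for the positions means the lengths did not even match."""
    got = normalise_fingerprint(retrieved_fp)
    if len(got) != len(entry.fingerprint):
        return False, None
    diffs = [i for i, (a, b) in enumerate(zip(entry.fingerprint, got)) if a != b]
    return not diffs, diffs


# Constructed sample attendee list; only the first fingerprint is from the thread.
ATTENDEE_LIST = [
    "# name; crypto system / crypto pub-key",
    "Phil Pennock; PGP / 6F99 1154 7B13 3294 F1FB 78A7 2622 C81A 9525 CBBA",
    "Sample Attendee A; PGP / 0x0123456789abcdef0123456789abcdef01234567",
    "Sample Attendee B; PGP / 00112233445566778899AABBCCDDEEFF",
    "Sample Attendee C; X509 / AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD",
    "Sample Attendee D; PGP / 6F99 1154 7B13",
    "garbage line without separator",
]

if __name__ == "__main__":
    good, bad = parse_attendee_list(ATTENDEE_LIST)
    for entry in good:
        print(f"{entry.attendee:20} {entry.system:5} {entry.fingerprint}  keyid={entry.keyid}")
    for line, reason in bad:
        print(f"REJECTED ({reason}): {line}")
    # Constructed 'retrieved key' with one digit miscopied in the last group.
    ok, diffs = check_retrieved_key(good[0], "6f99 1154 7b13 3294 f1fb 78a7 2622 c81a 9525 cbbb")
    print("match" if ok else f"MISMATCH at hex positions {diffs}; do not sign")
```

The comparison deliberately happens against the normalised list entry rather than against what is printed on the badge: the badge is what you eyeball at the meeting, the list is what you work from afterwards, and the point of the proposal is that both come from the same registration field, so a transcription slip can only happen once and is caught here rather than after a signature has been uploaded.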