Keysigning party

06.08.2005 12:52

This morning I attended the keysigning party at Wikimania. I organized a similar event last year at Haip (I wanted to follow the keysigning party HOW-TO), but it failed miserably then because nobody had the patience and/or time to check all the passports and identity cards and then compare endless strings of public key fingerprints. So everyone just went like "OK, I trust all you guys without checking you IDs and fingerprints, now let's sign these keys and go on with the party". In the end nobody remembered to submit the signed keys to the keyserver anyway, so it was just a big waste of time and nerves. So I really wanted to see how a keysigning party organized by some one else would look like.

Hanno 'Rince' Wagner, who led the GPG workshop and the keysigning party didn't exactly follow the HOW-TO. What he did is that he gathered key IDs and fingerprints from everyone and compiled a list on the wiki. Everyone showed his or her passport or ID card to him and everybody else so we could confirm their identities.

This way of doing thing greatly simplifies the keysigning, because everyone doesn't need to check everyone else's fingerprints (the algorithm is O(n) instead of O(n^2)). However in this case you must trust whoever is compiling the list that he won't change the key fingerprints on it, so it isn't a technically correct way of doing it.

Posted by Tomaž | Categories: Life

Add a new comment


(No HTML tags allowed. Separate paragraphs with a blank line.)