Weld Pond writes:
This begs the question, "How would you conduct an efficient key signing given what you have learned?" I am in the process of organizing one and would like to get input as to the best way that this should take place.
The IETF key signing parties are the largest in existence -- about 100 people exchange signatures. The way you handle it is this: Every person's key is pre-submitted to the key signing party organizer, who prints a list of names and fingerprints on paper and xeroxes enough for everyone attending. Each person gets a sheet. Either each person in the room reads their fingerprint in turn from their own copy, with each person in the room checking the read fingerprint against the fingerprint on the handout, or an appointed reader (or set of readers at the last IETF) reads the fingerprints in turn and asks the owner of the key to then simply say "yes" or "it's mine" or whatever to verify that the fingerprint matches their own copy of the print.

Afterwards, each person will have a sheet with checkmarks next to every fingerprint they think really belongs to a particular person's key. They then go off later on, download the keyring for the party from somewhere, and sign everything they want to sign and mail back the signed keys to the party organizer.

This is about the only way to handle things -- it turns the N squared problem into an O(N) problem, which is still very bad if there are more than about twenty people around.

Perry
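
The post-party step described above (checking the downloaded keyring against your marked-up handout before signing anything), as an added example that is not part of the original message. It assumes the keyring listing is in GnuPG's `--with-colons` format; every name, fingerprint and key record in it is constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: the entries you ticked on the paper handout at the party.
CHECKED = [
    ("Alice Example", "AAAA 1111 BBBB 2222 CCCC  3333 DDDD 4444 EEEE 5555"),
    ("Bob Example", "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"),
]
# Constructed, simplified `gpg --with-colons --fingerprint` listing of the
# keyring downloaded afterwards (assumed format, not from the message).
KEYRING = """\
pub:-:4096:1:DDDD4444EEEE5555:1700000000:::-:::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
uid:-::::1700000000::::Alice Example <alice@example.org>:
sub:-:4096:1:3333222211110000:1700000000::::::e:
fpr:::::::::9999888877776666555544443333222211110000:
pub:-:4096:1:FFFF0000FFFF0000:1700000000:::-:::scESC:
fpr:::::::::FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000:
uid:-::::1700000000::::Bob Example <bob@example.org>:
pub:-:4096:1:1234123412341234:1700000000:::-:::scESC:
fpr:::::::::1234123412341234123412341234123412341234:
uid:-::::1700000000::::Carol Example <carol@example.org>:
"""

def normalize(fpr):
    """Drop spacing and case so handout and keyring forms compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fpr).upper()

def parse_colon_listing(text):
    """Return {primary-key fingerprint: [user IDs]}; subkey fpr lines are skipped."""
    keys, current, last = {}, None, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last, current = f[0], (None if f[0] == "pub" else current)
        elif f[0] == "fpr" and last == "pub" and len(f) > 9:
            current, last = normalize(f[9]), None
            keys[current] = []
        elif f[0] == "uid" and current and len(f) > 9:
            keys[current].append(f[9])
    return keys

def triage(checked, keyring_text):
    """Return (keys safe to sign, checked names to refuse, unverified fingerprints)."""
    keyring = parse_colon_listing(keyring_text)
    wanted = {normalize(fpr): name for name, fpr in checked}
    to_sign, refuse = [], []
    for fpr, name in wanted.items():
        uids = keyring.get(fpr, [])
        ok = any(name.lower() in u.lower() for u in uids)
        (to_sign if ok else refuse).append((name, fpr) if ok else name)
    return to_sign, refuse, sorted(set(keyring) - set(wanted))
```

In the sample, the keyring copy of Bob's key carries the right name but a fingerprint that was never read out, so it lands in the refuse list, and Carol's key is reported as unverified because it was never ticked.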