NYU's PGP Key-Signing Seminar - a critique

Sergey Goldgaber sergey at el.net
Fri Mar 21 14:24:59 PST 1997


I am writing regarding the PGP Seminar to be held on the 27th of March.
Your informative session is laudible.  And, I would like to take full
advantage of the key-signing session to follow.  However, there is a
certain concern which it would be prudent to address first.

http://www.nyu.edu/pages/advocacy/awareness/pgp.html provides instructions
for the session, which state:

   "8. At the seminar Tim and Ilya will confirm the identity of all
       participants and the participants will identify their own keys.
    9. After the seminar Ilya will e-mail all the participants the
       keyring with all the keys, along with the instructions on how
       to sign them."

This conflicts with the guidelines for hosting pgp key signing sessions
as presented in the alt.security.pgp FAQ (a relevant excerpt is attached 
to this message).  The FAQ states:

   "6.  Each person securely obtains their own fingerprint, and after
       being vouched for, they then read out their fingerprint out
       loud so everyone can verify it on the printout they have."
               ~~~~~~~~

The concern I have is that this discrepancy undermines the web of trust
model for PGP.  The participants of the NYU session will not have the
opportunity for verifying the identity of the owners of the keys that
they are signing.  They must rely on a central authority ("Tim and Ilya").

I realize that this may be a simpler, and perhaps a more convenient method
of conducting a key-signing session, perhaps ideally suited to a session
aimed at novices.  However, I feel that the security provided by PGP is
thereby undermined.  We must not forget that security is the whole reason 
that even the novices at your session are using PGP for in the first place.

I hope this issue can be addressed before the session begins.


 ............................................................................
 . Sergey Goldgaber <sergey at el.net>      System Administrator        el Net .
 ............................................................................
 .   To him who does not know the world is on fire, I have nothing to say   .
 .                                                      - Bertholt Brecht   .
 ............................................................................


   6.8.  How do I organize a key signing party?

   Though the idea is simple, actually doing it is a bit complex,
   because you don't want to compromise other people's private keys or
   spread viruses (which is a risk whenever floppies are swapped
   willy-nilly).  Usually, these parties involve meeting everyone at
   the party, verifying their identity and getting key fingerprints
   from them, and signing their key at home.

   Derek Atkins <warlord at mit.edu> has recommended this method: 
     _________________________________________________________________

   There are many ways to hold a key-signing session.  Many viable
   suggestions have been given.  And, just to add more signal to this
   newsgroup, I will suggest another one which seems to work very well
   and also solves the N-squared problem of distributing and signing
   keys.  Here is the process:
    1.  You announce the keysinging session, and ask everyone who
       plans to come to send you (or some single person who *will* be
       there) their public key.  The RSVP also allows for a count of
       the number of people for step 3.
    2.  You compile the public keys into a single keyring, run "pgp
       -kvc" on that keyring, and save the output to a file.
    3.  Print out N copies of the "pgp -kvc" file onto hardcopy, and
       bring this and the keyring on media to the meeting.
    4.  At the meeting, distribute the printouts, and provide a site
       to retreive the keyring (an ftp site works, or you can make
       floppy copies, or whatever -- it doesn't matter).
    5.  When you are all in the room, each person stands up, and
       people vouch for this person (e.g., "Yes, this really is Derek
       Atkins -- I went to school with him for 6 years, and lived with
       him for 2").
    6.  Each person securely obtains their own fingerprint, and after
       being vouched for, they then read out their fingerprint out
       loud so everyone can verify it on the printout they have.
    7.  After everyone finishes this protocol, they can go home,
       obtain the keyring, run "pgp -kvc" on it themselves, and
       re-verify the bits, and sign the keys at their own leisure.
    8.  To save load on the keyservers, you can optionally send all
       signatures to the original person, who can coalate them again
       into a single keyring and propagate that single keyring to the
       keyservers and to each individual.

   This seems to work well -- it worked well at the IETF meeting last
   month in Toronto, and I plan to try it at future dates.


http://www.nyu.edu/pages/advocacy/awareness/pgp.html


                          Awareness Week 1997

                      Pretty Good Privacy Seminar

                 Thursday, March 27 at 12:00 pm Warren
                         Weaver Hall, Room 313

   [INLINE] This is a Blue-Ribbon event, CANYU will distribute Blue
   Ribbons to participants

   This seminar sponsored by the Computer Advocacy @ NYU and the
   Academic Computing Facility.  The seminar will explore the need for
   use of cryptography for communications in every day life, and
   demonstrate how PGP (Pretty Good Privacy) can be used at NYU.

   This workshop is a part was preceded by another seminar titled
   "Encryption:  Padlocks for the digital age".

   Speakers:  * Tim O'Connor * Ilya Slavin

   A key signing session will follow the seminar.  The instructions
   follow:  
    1.  If you have already created your key, skip to the
    following step.  + You can create your new key on one of the IS
    machines (and, most likely, many other computers at NYU) by
    following the steps outlined in the following document.  
    2.  Once your key is generated and signed by yourself, extract
    your public key from the key ring by typing pgp -kxat userid
    keyfile.asc where keyfile.asc is a name of the file you want to
    copy your key to. 
    3.  Send this file with your name and a mention of the seminar to
    slavin at acf2.nyu.edu before 7:00 PM on March 26, 1997.  
    4.  Ilya will compile a master keyring with all the keys before
    the seminar starts. 
    5.  Please write down (or print out) the output of the following
    command:  pgp -kvc where <userid> is your name or e-mail address
    that appears in your key. 
    6.  Ilya will have printouts of userids and fingerprints of all
    keys sent to him. 
    7.  Bring two photo IDs (either a passport or other respectable
    form of ID) to the seminar so that we can verify your identity. 
    8.  At the seminar Tim and Ilya will confirm the identity of all
    participants and the participants will identify their own keys. 
    9.  After the seminar Ilya will e-mail all the participants the
    keyring with all the keys, along with the instructions on how to
    sign them. 
    10.  Once the keys are signed, the participants will e-mail their
    signed keyrings to Ilya, who will add their signatures to the
    master keyring.  11.  As soon as Ilya receives all the signed
    keys, he will e-mail the complete keyring to all the participants,
    who can add the new signatures to their own keyrings.

     
______________________________________________________________________


    Computer Awareness Week '97 / Ilya Slavin / Last Modified:  3/6/97





More information about the cypherpunks-legacy mailing list