Len Sassaman
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Efficient Group Key Signing Method Revision 1.5 Len Sassaman and Phil Zimmermann __ In order to make key signing parties run more efficiently, we propose a new method of doing mass fingerprint verification. __ 1. Participants in the key signing submit their keys to the signing organizer, with unnecessary signatures and user-ids trimmed off. Participants may be required to sign their submission message in order to prove ownership of their key. 2. The signing organizer compiles the key information (including the key fingerprint, user-id, key-id, and key size) in a text file and makes it publicly available. Keys should be numbered sequentially, and multiple keys by the same owner should be grouped together. 3. The signing organizer takes the hash of the text file (using a secure hash function such as SHA-1 or RIPEMD-160), and brings this to the key signing. The hash information should also be posted publicly for sanity checking purposes. (Different text file formats will result in different hashes, due to line ending variations.) 4. Each person wishing to sign the keys on this paper obtains the text file from its public location, and independently obtains the hash checksum. On most Unix systems, the program sha1sum is available. Alternatively, GnuPG can be used to determine the hash output. Syntax is: "gpg --print-md sha1 filename" or "gpg --print-md ripemd160 filename" 5. Participants bring a hard copy of this text file and a copy of the hash checksum to the key signing. Participants who wish to have their keys signed should verify the fingerprint on the paper against their actual key prior to the event. 6. The checksum output is read aloud to the group. Participants confirm this sum with the independently obtained checksum of the file prior to actually signing any keys. 7. Each person wishing to have his key signed verifies to the group that the fingerprint and key information presented in the text file is indeed the correct information. A simple assertion that "yes, this information is correct" is sufficient. For large groups, the process may be expedited by instructing the attendees to line up according to the number next to their key information. 8. Identity verification is done according to the individual policy of those people signing keys. (Note that the level of identification an individual requires may vary greatly from person to person, and should not be dictated by the key signing organizers.) 9. Participants opting to sign later obtain the public keys (either from the signing organizer, or from a public server) and confirm that the key fingerprints and other information match that reported in the text file. They may then sign the keys. __ The rationale behind this method is that, by placing all the fingerprints in a text file and providing the hash, significant time can be avoided without a decrease in security. Each individual is responsible for making sure his or her fingerprint is correctly reported, and every person signing is guaranteed to have identical fingerprint lists. We expect this method to reduce the time involved in actual key signing parties by half. Thanks to Werner Koch, Peter Wan, Randy Harmon, Patrick Feisthammel, Robyn Wagner, Rodney Thayer, David Stoler, John Kane, Lucky Green, Peter Palfrader, the attendees of the First PGP Keyserver Manager Symposium, and many others for their help in fine-tuning this process. -----BEGIN PGP SIGNATURE----- iQIVAwUBQuV2FUoKgUld5ID8AQMh6A/+M9FQFmQFNd9DqYKmRNsTEbN407wi6otT /HbA9I4xa9jmQmbuxV4KlWwIHa+OnjFyPgbpElDwAzba/nORMgNQwAzZ0pDR5HYI zJsiJi0juos40XqSVlPhjQc7rhx3r0LrMg8Ewrlr28E7Bry4ymOYMvwnN91gUqHa 4tHROELXTs3jnypJc9dU+Jyy3JeMc8ivFrTq77007FplvbB0q/fj80uYxEq8c3/o 9E0P1sMZ8bmUhgLWEf+UyeaPRTpWsbvB56adRmG11+7ReXhXTMT48CvMOsemU+C5 DZ323K6yWBhOoMgYEdeO5zCcDJOYPG0lFbHWxgXnO9+ig4BmlMPj7HqnhrksV/Fm zG0J4h9GEeRQKA4ecz1uAqrLttZbZgayknMdadvwPvpbDSQuX97NOXbXUJdXCFbK BXahHj2ZSMet8yDHH7t00fYXe6tw/WD7n1Ts7qPZCYsi0OAxJrlLsQtjNi/BeYJR W6jcBg5ktNA0Fph5L86giSrV3xeNRS0zaotH3V6/hsA0132BasExrVpazDrl19ke 9OcUumV5kWBXLniq96YHToAWV7ZQC7be/B4ETEPgn5cZop+ccW8/RLafpXuRDe1g vs3PvF74fk3rY3HLsn8gb0xvb955VNnbIF01JRAOnxxHDfk2tAyNpWak308d4Of2 hEUMvOXvsF0= =K4aR -----END PGP SIGNATURE
关注
立即认领
分享
关注
立即认领
分享
基本信息
浏览量:60
职业迁徙
个人简介
暂无内容
研究兴趣
论文共 20 篇作者统计合作学者相似作者
按年份排序按引用量排序主题筛选期刊级别筛选合作者筛选合作机构筛选
时间
引用量
主题
期刊级别
合作者
合作机构
IEEE Security and Privacyno. 2 (2012): 87-91
FINANCIAL CRYPTOGRAPHY AND DATA SECURITY (2010): 289-303
user-5f8cf9244c775ec6fa691c99(2010)
引用0浏览0引用
0
0
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security (2010): 250-255
PRIVACY ENHANCING TECHNOLOGIES (2008): 187-201
UPSEC'08: Proceedings of the 1st Conference on Usability, Psychology, and Securitypp.1-5, (2008)
引用1浏览0EI引用
1
0
加载更多
作者统计
合作学者
合作机构
D-Core
- 合作者
- 学生
- 导师
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn