PGP Key Signing Party .. Sign my key, Damn it.

Signed! Thanks for the template. Will it work fine with those Avery business cards blanks from Office Depot?

My PGP Key:
rich@synscan.com
Key ID: 0xE2E25EFA
PGP Fingerprint: 9DF9 CBD2 52A8 650D 0452 B1A2 DB91 483A E2E2 5EFA

This server doesn't resolve for me and others. I noticed the card template specifies pgp.mit.edu. Which should we be using?

Ah, I knew it was too good to be true. keyserver.pgp.com is an LDAP keyserver. It is installed by default, so I picked it. The only problem is if you are behind a firewall that does not allow LDAP out.

I use mostly the first two key servers below, and they all sync with each other over time. If I have LDAP access I use the keyserver.pgp.com one. Otherwise I use the pgpkeys.mit.edu one, which really resolves to cryptonomicon.mit.edu.

Here are the configs for the keyservers I have currently set up:

cryptonomicon.mit.edu
PGP keyserver over HTTP
port 11371

http keyserver
wwwkeys.eu.pgp.net
port 11371

For LDAP servers I have:

keyserver.pgp.com
and
europe.keys.pgp.com
port 11370

I'd stick with the http servers if possible..

Thanks!

DT

My key information:

chris [at] defcon [dot] org
KeyID: 432DC5AC
Key Fingerprint: D7BB 3866 EDD9 0797 9940 6730 3B25 ADC7 432D C5AC

I update to the following keyservers:

wwwkeys.pgp.net
http://212.55.198.213:11371
http://18.7.14.139:11371
pgp.mit.edu

I update to them every two days.

If you trust that as my key please sign it. Feel free to email me to verify the authenticity or you can wait and I will verify it in person at DefCon. I will sign your key (after verification) once you have signed mine.

Chris

[The following question is not one to any of the above posters. It is a general question being asked to the reader.]

Isn't the point of a key signing party to have it done in person so you can verify the person whose key your signing is really who they say they are? The personal verification is one of those things which helps to strengthen the "web of trust." Signing keys of people without meeting/verification defeats one of the many attributes of authentication.

If you are new to gpg/pgp, and do not know people who are asking you to sign theri keys online, then DON'T. Your signing of their keys says that you have done some careful verification that they are who they say they are. This berification is the _purpose_ of the key signing party.

What is the "web of trust"?
Consider the case where Person A knows person B who knows person C.
Person A and person B have signed each other's keys and pushed their changes to a key server.
Person B and person C have signed each other's keys and pushed them to a key server.

Now, even though person A and Person C have not signed each other's keys, each can have a level of certainty that the document they are checking for having been signed by each other is actually from the person in question. Why? there is only 1 "node" between them. There are limits to how many hops your web of trust will permit you to hop through people before trust is considered so low that the next hop won't give you a path for a trusted sig.

Verification of identification:
In non-underground locations, a common verification tool is a drivers' license with some other metric. However, this is not something people will be willing to use here so easily.

Other methods for identification could include the following:

Add your UID here, post your fingerprint. When someone gets a card from you in person, they can verify the key from the server, and its fingerprint with the key id on your card and fingerprint from the forum. (the greater the number of dissimilar sources you can use to verify the person giving you an id/fingerprint, the stronger the verification of that key before signing.

Include an in-person metric and trusted source. If you have a best friend who does not lie to you, someone you trust, and they tell you another person is who they claim to be, this can help you with trusting the person is who they say they are, but not grant you as much trust as if you had been able to verify their identity through other means.

With gpg (though I am not sure about pgp) you can edit a trust level for each person. This permits you to specify how certain you are of who they are. This is available in modern versions of gpg. You can specify how carefully you checked their ID before signing, and establish levels of trust for the person.

You can download new keys, and install new keys, but signing is you stating that you have done careful checking that the person who owns the key you are signing is who they say they are.

Using public key servers is one way to help with this. Using a separate web page of the person you are meeting, where they have published their fingerprint/id on their web page is another, communicating with them through an established meium is another, talking on the phone, meeting in person, having someone you trust verify the person is who they say they are, etc... Each one of these that you can add to the process of checking helps to raise the level with which you can verify the person is who they say they are before you sign their key.

For those who are new to gpg/pgp, read through this:
Key signing party howto

Thanks!

[Edit: added content below]

Public key signing parties kick ass!

ID: 0x485A35B7
Email: dark [at] ca2600.org
Fingerprint: 9AD6 5B32 97C1 3B92 16B0 A1BE 338D 8A95 485A 35B7

Keyservers that I update to: keyserver.pgp.com, europe.keys.pgp.com:11370


- CD

ok here you go

simple3 [email goes here]

0x6B6AC736

BD65 28F6 B388 4976 005B B471 A8A0 335A 6B6A C736

--simple3

I have had this discussion before (with my local Linux Users Group), and my conclusion was that a face-to-face meeting is completely unnecessary. I call myself Voltage Spike. You know me as Voltage Spike. If I show up to the key-signing party, then I will be completely unable to produce identification that proves I am Voltage Spike. It simply means that somebody felt that it was worth the effort to physically move their butt somewhere to claim they are me.

I suppose you could solve this issue by arranging a secret passphrase (electronically) with each individual ahead of time and then verifying that at the party, but I still don't feel that physical presence greatly increases the level of trust.

In my LUG, as elsewhere, I proved my identity through my level of effort. I used the same identity, the same style of posting, and the same key consistently. Over time, people came to accept that I was who I was. Although anyone could have done the same thing to pretend they were me, there would be two problems: the level of effort makes the attempt unlikely, and their key would be different than mine (and would thus raise suspicion).

The three categories of verification are usually: something you are (usually biological), something you know (like a passphrase), and something you have (like a key card). A combination of more than one generally indicates a higher-level of verification, so let's see how that fits in here.

I will assume that the purpose of the key-signing party for my online persona is to prove that I, Voltage Spike, am available at a specific email address.

The first can be verified by attempting to reach me through email. Using a reasonably reliable network, my access to that email account helps demonstrate that I am that account.

The second may be arranged through the forum, such as the aforementioned passphrase. I suppose that this information could be conveyed in the email from above.

The third verification, "something" I have, is the matching private-key file.

I'm certainly not saying a personal meeting has no merit, and I'm also not saying that we should simply trust each other blindly. I just think that "rewarding" those that are the most active by signing their keys has the added benefit of raising the level of effort required to enter into the web of trust.

Besides, it is way too easy to buy into the web of trust at a key-signing party by offering free drinks. ;)

(If I understand you correctly, one of your points is this) If the use of a PhotoID is removed for in person meeting, then this does decrease the value of an in person meeting.

One of the things that an in person meeting does provide, is a name to a face, so that the human-sensed biometrics that we use can be applied with meeting them in the future.

Beyond socializing, meeting in person does help strengthen the web of trust by eliminating nodes which may have been previously traversed through a shared friend. When A and C meet, they and get to know each other and exchange keys directly instead of relying upon B to be their bridge. Using the forum after the in person meeting can further aid this verification-before-signing and may make it possible for others to pass through A to get to C or C to get to A if the inclusion of B caused either to be too many hops away.

One more thing to note:
Someone else's key need not be signed by you in order for you to use it. You can load new keys without signing them, and use those keys for checking sigs, etc. One of the differences (of course) is that when you verify a file as having been signed by the person who claims to have signed it, the check only verified someone signed it with a private key that is "paired" to the public key you are using to perform the check if there is no path to the newly loaded key in the web of trust.

Some people will sign keys because their applications that use pgp/gpg won't "work" unless a key is signed, or can be verified through other signed keys in the web of trust. This is just a limit in applications to adaquately describe to the user what risks are associated with using keys that are not signed, or cannot be verfied through the web of trust.

I like your response. You provided a thoughtful reply: Thanks!

I could swear you're my boss, CotMan. He's made the exact same argument about the Web of Trust.

I'm not entirely sure but I'm pretty certain my government issued photo ID doesn't say "gzzah" on it. DT's probably does, however. He's got them connections. The only thing we have to verify trust is by what we post here and any close friends that you may trust.

Getting into the Web of Trust, however, can be difficult if you don't have anybody that will "vouch" for you. If someone were to walk up to you during the keysigning party and say "Hey, I'm gzzah. Sign." how are you going to verify that it's really me? I can tell you that I've met some of the people here but I was a wallflower at the last cons I went to. They probably wouldn't remember me. I'm not that memerable. :)

I believe the point of this signing exercise is to simply get the ball rolling. I know DT has a whole gang of people he knows that will willingly sign his PGP key. He just wants the rest of us to do it so we can have a sense of community spirit.

Or maybe he really doesn't have that many friends and needs the forum crowd to help him out... We nice people! We help the needy!

Almost... My point was that you can't use a photo ID to verify who I am because there is (currently) no way for me to obtain a document verifiying I am Voltage Spike. I could verify my
real-life identity, but I am hesitant to do that and it has no bearing on the "electronic me".

Ah, that is a good point. However, this is Defcon. The risk of social engineering is likely to be high. :)

Ah, but wouldn't this work online as well as it does off?

Note that you are also bypassing the web of trust here. You are assuming that because A verifies B and B verifies C, then A verifies C. However, is this not the point of the web?

Besides, there is nothing stating A can't sign C's key at a later date simply because they had previously been related only through B.

You are going to thank me for that? Are you trying to imply that my post was an exception and not the normal response around here? :p

Well, I am looking at, "in addition to." The idea is to have an in person meeting in addition to online transactions. The greater the number of different methods for identification you have, the greater your chances in avoiding vouching for another by signing a key who will expose you to a poisoned web of trust.

Consider meeting someone at DefCon where you have only met them in person, or only met them online. Even if they post a great deal, when you sign their certificate, you can establish a level of trust for that person. If they are part of a group of people who trojan source code, and alter a web site and package to show a different maintainer KeyID for verification of a package, then if you happen to download a source package and then verify against the key published on their website, your web of trust may show the package is "trustworthy" because the web of trust allows you to hop through this evil hacker's key to their wicked associates. By signing keys without careful checking, especially when you consider the population of this group, you increase your exposure to having access to posioned webs of trust.

I think newer versions of gpg allow you to actually set the level of trust for a user and specify how well you have verified the person as being who they claim they are, when you sign their key. This is a nice feature, and may decrease risk of exposure to posioned webs of trust.

Again, I'm not writing about using an in person meeting as a replacement. In the first post and the second post, I outlined it as an additional piece of information. (First step in knowing a thread is nearing an end: statement is repeated more than once. I won't be replying to this topic of this thread again if the issue of using an in-person meeting as an _additional_ metric needs to be restated again-- meaning, with other methods of checking.)

Nothing stopping a person from doing this, but if that is done, then what is wrong with signing everyone's keys through which is only one hop further from you? If A knows B who knows C and A signs C's key at some later date without performing careful checking, then why not continue to progression and sign other people's keys who are more than one hop away? After each cycle, people who were 2 hops away become 1 hop away. Given enough time, you could effectively sign all public keys. I do not like this idea. What is gained by signing someone's key in this fashion?

Sure! I'll thank you for that, but not because it is an exception, but because I had something to add in a reply other than "nice post" or "me too." Just because I do not follow up a post as good or bad does not mean I do not think it; I just see no need to post something like that unless I am contributing to the content of the thread.

Ah. What we have here is a failure to communicate. I will attempt to address that.

I realize what you are saying. I was questioning how a real-life meeting would increase the level of trust between two people who have only known each other electronically.

The most relevant statement relating to this issue was that of the "human-sensed biometrics", a factor I had not considered.

Pardon me for making assumptions, but I believe you are confused on this issue.

The purpose of key signing and the web of trust is to verify that a key does, in fact, belong to a specific individual. However, just because I trust that A and B are who they say they are does not mean I trust either A or B. I can only claim with a certain degree of reliability that the package, in this case, comes from A or B.

You bring up an interesting idea, though: using your own personal web of trust to verify the "trustworthiness" of an individual. In other words, I am not going to sign A's key, even though I know for a fact that he is A, because A is a "bad guy". The principles of verification are largely the same, but it would only work if the people in your web know why they are signing a key and what the consequences might be.

hehe, that is why there are different levels of trust (at least in PGP/GPG). If I know you take great pleasure in signing as many keys as possible, you are getting filed under "untrusted". However, my close friends with the tin-foil hats may be "completely" trusted. :)

I don't know of such a feature, but you may be getting confused with the aforementioned trust values. The trust doesn't specify your level of trust in that individual's identity. The trust specifies your faith in that individual to verify a person's identity before signing.

When you sign a key, you are either all in or all out. When A signs B's key, A is stating that the signed key definitely belongs to B.

I apologize if I implied you felt that way. I knew that was not the case.

Ouch, now that is snippy (little offense intended).

Your ultimatum implies that your posts never require clarification and are not open for discussion. While I find many of your posts well thought-out and insightful, I am surprised to meet such a claim. :)

I understand the problem. Essentially, we both thought, incorrectly, that the other party was arguing the same point.

I hope you can see where the confusion comes in. Your example of A and C meeting at the key-signing party and, because they both know B, signing each other's keys implies a violation of the web of trust. While you did use the phrase "get to know each other", it appeared, in context, that you were attempting to shortcut the web.

(Ooh, quoting myself. How presumptuous of me. :))

I knew I should have qualified my statement with "if A gets to know C well enough". I thought, apparently incorrectly, that the meaning of my statement would be apparent in context.

I know it is a little off-topic, but I'll be brief.

I whole-heartedly agree. I hope that, by posting only when I think it will add to the discussion, I increase the "signal-to-noise ratio" in public forums. Although this rule may not skyrocket the number of posts that I make (a number which is all-too-obvious in the vBulletin software), I prefer a reputation for "quality over quantity".

Web of trust....

Exactly: meeting someone in person, and signing their key doesn't guarantee that they are in fact who they are claiming to be. So where do you draw the line? You could meet someone online, talk for two years- and finally meet and sign keys, only to find out that the online persona created/used by that person was totally bogus from the start. It boils down to 'degrees' of trust. Meeting in person may add a degree of trust (ie you've physically seen them) but that is all it adds, a *degree*-

Also consider, there are some people who you can *pretty much* verify they are who they say they are....like if you meet Dark Tanget at DC, you pretty much know that this is the person who calls himself DT, so you sign keys. If someone who doesn't look like DT comes up to you and says "sign my key" you know that he is full of crap. Again, you've added a degree of trust by physically seening that person. For sake of argument, there could be a person out there who *looks* like DT, and if you didn't know him could get you to sign a key under the guise that he was in fact DT. Round and round we go.

It's still better than the unencrypted plain-text state of most of the web these days.

LosT