Re: key signing request - Nijmegen, The Netherlands
On Fri, 16 Feb 2001, Peter van Rossum wrote:
> . . .
> I have no problem collecting all fingerprints and printing them
> out a bunch of times. However, it doesn't seem a very safe approach
> to me. I may be wrong here, but just consider for a moment that
> I happen to be the infamous Charlie. I'll then create my own key
> with name, say, "S.M. Claassen", upload that key to the keyservers
> and put the fingerprint of that key on the sheet. Then everyone
> will happily sign the key and I can henceforth pretend to be Sil.
>
> Ofcourse, if we all check our *own* fingerprints on the sheet that
> I print, then I will be busted very quickly ;-) The problem
> also goes away if we all bring our own pile of keyslips with our
> own fingerprint on it.
> . . .
>
I recall reading a formal suggested protocol somewhere which entailed
(after handing out copies of the list of user/key ID's and fingerprints
and after having established the respective personal identities) each
participant's reading aloud each character of his/her own key information
to allow the other participants to verify the (purported) relationship
between that person and that particular key. A more intimate atmosphere
could be fostered by standing in a circle and holding hands during the
process ;->
Greetz,
Sil "Let's do it by candlelight" C.
-
Mail to debdev-request@info.cistron.nl to subscribe/unsubscribe
Reply to: