[147575] in cryptography@c2.net mail archive


[Cryptography] PGP Key Signing parties

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Oct 9 16:23:14 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 8 Oct 2013 17:13:14 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>

Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?

I am looking at different options for building a PKI for securing personal
communications and it seems to me that the Key Party model could be
improved on if there were some tweaks so that key party signing events were
a distinct part of the model.


I am specifically thinking of ways that key signing parties might be made
scalable so that it was possible for hundreds of thousands of people to
participate in an event and there were specific controls to ensure that the
use of the key party key was strictly bounded in space and time.

So for example, it costs $2K to go to RSA. So if there is a key signing
event associated that requires someone to be physically present then that
is a $2K cost factor that we can leverage right there.

Now we can all imagine ways in which folk on this list could avoid or evade
such controls but they all have costs. I think it rather unlikely that any
of you would want to be attempting to impersonate me at multiple cons.

If there is a CT infrastructure then we can ensure that the use of the key
party key is strictly limited to that one event and that, even if the key is
not somehow destroyed after use, it is not going to be trusted.


-- 
Website: http://hallambaker.com/
