Hello all,
I think that when such a number of people come together it would be nice to have a key-signing in Berlin. If you have no idea what a key-signing is, look at the wikipedia-article [[en:Key_signing_party]]. If you don't own a pgp-key yet and are a linux-user there are several how-tos on the net to get one fast (there are how-tos for windows-users too, but it's more complex, but that doesn't need to stop you).
Because there is no time (and place) for a hash-method-keysigning (you know, all standing in a line for hours ;)), I would organise a list-method-keysigning. That means that you send me
* Your nick (if you have one)
* Your realname (optional, but some people don't sign non-realname-keys)
* Your keynumber
* Your key-hash
* Your key (if it is not on normal key-servers)
to pgp@daniel.baur4.info.
I will make a list of that data. Then I (respectively the verein) will print out several copies of that list and place them at central places (like the reception or the c-base) for hand-out. You can also place a sticker on your nameplate (to let people find you more easily) if you like (I have colorful sticker-dots here ;)).
You will take such a list and start looking for other people who are on the list, check your hash on his/her list and his/her hash on your list and mark your name as checked on his/her list and his/her name on your list if all is right. Then continue until all entries on your list are checked (or the meeting is over).
It would be very nice if many people would participate to increase the level of trust (at least the key-trust) between us.
Follow up to foundation-list.
Sincerely, DaB.
P.S: Even if you come just to the party on saturday, you can take part!
2.P.S: I organize a key-signing for the first time, so please be patient if I did anything wrong.
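The check that the list method leaves to each participant after the party, as an added example that is not part of the original mail: sign a key only when the fingerprint of the fetched key equals the hash its owner confirmed in person. The list layout, the nicks and every key value are constructed, and 40-digit (v4) fingerprints are assumed.

```python
import re

# Constructed stand-in for `gpg --with-colons --fingerprint` output after
# fetching the listed keys; every key and fingerprint here is made up.
KEYRING = """\
pub:-:4096:1:6D7E8F9011223344:1230768000:::-:::scESC:
fpr:::::::::A1B2C3D4E5F60718293A4B5C6D7E8F9011223344:
pub:-:4096:1:8899AABB99AABBCC:1230768000:::-:::scESC:
fpr:::::::::DEADBEEF00112233445566778899AABB99AABBCC:
pub:-:4096:1:BBCCDDEEFF102030:1230768000:::-:::scESC:
fpr:::::::::0011223344556677889900AABBCCDDEEFF102030:
"""

# Constructed party list: nick, keynumber, key-hash as printed, and whether
# the owner confirmed the hash face to face (the tick mark on the paper).
PARTY_LIST = [
    ("alice", "11223344", "A1B2 C3D4 E5F6 0718 293A  4B5C 6D7E 8F90 1122 3344", True),
    ("bob",   "55667788", "0F1E 2D3C 4B5A 6978 8796  A5B4 C3D2 E1F0 5566 7788", True),
    ("carol", "99AABBCC", "9988 7766 5544 3322 110F  FEED DCCB BAA0 99AA BBCC", True),
    ("dave",  "FF102030", "0011 2233 4455 6677 8899  00AA BBCC DDEE FF10 2030", False),
]

def primary_fingerprints(listing):
    """Fingerprints of primary keys: the first fpr record after each pub."""
    found, want = set(), False
    for fields in (line.split(":") for line in listing.splitlines()):
        if fields[0] in ("pub", "sub"):
            want = fields[0] == "pub"
        elif fields[0] == "fpr" and want and len(fields) > 9:
            found.add(fields[9].upper())
            want = False
    return found

def review(party_list, fetched):
    """Map each nick to 'sign' or the reason not to sign yet."""
    verdict = {}
    for nick, key_id, printed, confirmed in party_list:
        fpr = re.sub(r"\s+", "", printed).upper()
        if not re.fullmatch(r"[0-9A-F]{40}", fpr) or not fpr.endswith(key_id.upper()):
            verdict[nick] = "list entry inconsistent"
        elif not confirmed:
            verdict[nick] = "not confirmed in person"
        elif fpr in fetched:
            verdict[nick] = "sign"
        elif any(f.endswith(key_id.upper()) for f in fetched):
            verdict[nick] = "same keynumber, different hash"
        else:
            verdict[nick] = "key not fetched"
    return verdict
```

The "carol" row is the reason the list carries the key-hash as well as the keynumber: a fetched key can share the short keynumber and still be a different key.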
DaB. wrote:
Hello all,
I think that when such a number of people come together it would be nice to have a key-signing in Berlin. If you have no idea what a key-signing is, look at the wikipedia-article [[en:Key_signing_party]].
Private keys can be compromised by anyone with a whim and a few thousand dollars, either physically by compromise of the device, or remotely by social engineering or zero-day exploit. Key signing parties are premised on the idea that private keys are really private. Since they aren't, the additional security of a real-life meeting is somewhat farcical.
Maybe in the crypto-anarchist fantasy future, filled with hostile corporations and governments, it would make sense. But in the real world, I think the SSL hierarchy provides a better model. It has a central authority with some competence in identity verification and security, which can issue a revocation certificate even if someone burns your house down. And you can verify the authenticity of a public key even if you don't have any friends.
My vote is for a Guitar Hero party instead.
-- Tim Starling
On Wed, Apr 1, 2009 at 8:51 AM, Tim Starling tstarling@wikimedia.org wrote:
Private keys can be compromised by anyone with a whim and a few thousand dollars, either physically by compromise of the device, or remotely by social engineering or zero-day exploit. Key signing parties are premised on the idea that private keys are really private. Since they aren't, the additional security of a real-life meeting is somewhat farcical.
Moreover, what's to stop someone from showing up and claiming to be you? How are you going to confirm that -- by their telling you they're coming and what they look like, over the Internet? Why don't they just sign your keys over the Internet and skip the middle-man?
Not to be negative or anything, sorry. (I'm not even going to be there.)
This is widely off topic, I know...
Aryeh Gregor wrote:
On Wed, Apr 1, 2009 at 8:51 AM, Tim Starling tstarling@wikimedia.org wrote:
Private keys can be compromised by anyone with a whim and a few thousand dollars, either physically by compromise of the device, or remotely by social engineering or zero-day exploit. Key signing parties are premised on the idea that private keys are really private. Since they aren't, the additional security of a real-life meeting is somewhat farcical.
Moreover, what's to stop someone from showing up and claiming to be you? How are you going to confirm that -- by their telling you they're coming and what they look like, over the Internet? Why don't they just sign your keys over the Internet and skip the middle-man?
Not to be negative or anything, sorry. (I'm not even going to be there.)
Personally (even though I don't have tattoos) I think I could give details of myself that would be somewhat difficult to forge on short notice. The index finger of my right hand sports a completely healed up lack of nail. That is to say my index finger has a shrunken leathery surface where usually there would be a nail.
My left wrist on the backside also has three round scars, where I have burnt them with various cigarettes and cigars, in a roughly belt of Orion pattern, and my chin has a prominent scar on the underside from when I jumped into the pool as a child, backwards, taking a seriously too short a step :-D ( I cringe every time I hear the famous quote by John Glenn :-) This story benefits from me mentioning that after the cranial shock of nearly dislocating my head from my neck, I subsequently promptly ran head first into a window that was open, and just managed to ignore the presence of, giving me a much more short lived scar on my forehead as well.
Yours,
Jussi-Ville Heiskanen
On Sat, Apr 4, 2009 at 6:37 AM, Jussi-Ville Heiskanen cimonavaro@gmail.com wrote:
Personally (even though I don't have tattoos) I think I could give details of myself that would be somewhat difficult to forge on short notice. The index finger of my right hand sports a completely healed up lack of nail. That is to say my index finger has a shrunken leathery surface where usually there would be a nail.
Okay, great. So if someone shows up with an index finger like yours, there are two possibilities:
1) Someone forged this e-mail from you that I was relying on, and the key I just signed is bogus.
2) This e-mail from you is legitimate, so the key is legitimate. But in this case, why didn't you just skip the middle-man and include the public key in your e-mail and have me sign it from there?
Getting a public key from someone who you've only communicated with via e-mail can *never* be more secure than just getting the key via e-mail somehow. As far as I'm concerned, you may as well not exist in real life at all. I've only read your e-mails. Your real-life identity isn't necessary or even useful to my verification of the identity I care about, viz., your e-mail identity.
The secure way to do key-signing in situations like this is to attach a GPG signature to every e-mail you send. If you attach the same public key to every single e-mail you send for a few years, then there's no question about whether the key is yours. Whoever is writing the e-mails is the one whose private key is used to sign the mail, period. If all the e-mails you've ever sent are forged, and I only know about you by reading the e-mails, then you *are* the forger as far as I'm concerned.
Similarly, my identity can be verified by the fact that I've had commit access and toolserver access for a couple of years based on my private key. So you know (or at least, whoever has access to a secure list of public keys of committers or toolserver users knows) that whoever controls that private key is the one who's been doing all those commits and things, which has pretty much got to be the same person who's been posting on mailing lists and so on. *That* is secure.
Key-signings are probably a fun social event, though, even if they aren't worth much from a security standpoint, so don't mind me. :)
I generally agree with your points, but I'll reply to your points even if it's just slightly more secure.
Aryeh Gregor wrote:
Okay, great. So if someone shows up with an index finger like yours, there are two possibilities:
- Someone forged this e-mail from you that I was relying on, and the key I just signed is bogus.
*If* the real Jussi-Ville regularly reads this mailing list and doesn't reply in a week, I think we can assume it's the same one (Problem: Would mailman deliver a forged email to the subscriber? It may also need a reply to be sure it arrives to his mailbox).
- This e-mail from you is legitimate, so the key is legitimate. But in this case, why didn't you just skip the middle-man and include the public key in your e-mail and have me sign it from there?
Getting a public key from someone who you've only communicated with via e-mail can *never* be more secure than just getting the key via e-mail somehow.
Suppose someone allegedly Jay Walsh walks into the key signing. You could verify his face against http://wikimediafoundation.org/wiki/File:Jay_Walsh_May_2008.JPG, which has been uploaded by his user account.
You can apply the web of trust to the real world. If also Brion and Tim are there and they confirm that it is indeed Jay Walsh, you could believe them, based on a prior presentation, their portraits or that their keys are at https://secure.wikimedia.org/keys.html, certified by Equifax. (Although my browser claims that 'my connection to this website is not encrypted')
As far as I'm concerned, you may as well not exist in real life at all. I've only read your e-mails. Your real-life identity isn't necessary or even useful to my verification of the identity I care about, viz., your e-mail identity.
Sure. If the mailing list is full of sockpuppets of the cabal we are all doomed. :)
The secure way to do key-signing in situations like this is to attach a GPG signature to every e-mail you send. If you attach the same public key to every single e-mail you send for a few years, then there's no question about whether the key is yours. Whoever is writing the e-mails is the one whose private key is used to sign the mail, period. If all the e-mails you've ever sent are forged, and I only know about you by reading the e-mails, then you *are* the forger as far as I'm concerned.
This moves the issue to when to add to your keyring/trust a signature on a random email. If you usually add all new signatures, you're bound to accept a fake key on a seemingly inoffensive email, which although forged, could perfectly have been sent by that person.
Similarly, my identity can be verified by the fact that I've had commit access and toolserver access for a couple of years based on my private key. So you know (or at least, whoever has access to a secure list of public keys of committers or toolserver users knows) that whoever controls that private key is the one who's been doing all those commits and things, which has pretty much got to be the same person who's been posting on mailing lists and so on. *That* is secure.
I don't think that list is public.
Key-signings are probably a fun social event, though, even if they aren't worth much from a security standpoint, so don't mind me. :)
Nobody really uses them, so it isn't worth trying to break the system yet, other than as a joke or proof-of-concept. OTOH if money transfers were routinely done based on pgp signed emails, the panorama would change.
Tim Starling wrote:
Private keys can be compromised by anyone with a whim and a few thousand dollars, ...
How's that? The methods you mention are not specific to private keys. The same could be said about any computer system. Does that mean that no system is secure? Access to place a big banner into WMF servers is probably worth more than a few thousand dollars...
Given that proper security practices are followed, the only way *should* be the $5 wrench.
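The key-continuity idea argued in this thread, with the objection about accepting a key from a single harmless-looking mail built in, as an added example that is not part of the original messages: a key counts for an address only after it has signed several mails over a long period, and a second key for the same address is flagged instead of accepted. The thresholds, addresses and fingerprint labels are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Assumed policy thresholds; the thread only says "a few years".
MIN_MESSAGES = 3
MIN_SPAN_DAYS = 365

# Constructed observations: (date, From address, fingerprint of the key whose
# signature verified on that message). Short labels stand in for fingerprints.
OBSERVED = [
    (date(2007, 3, 1), "longtime@example.org", "FPR-A"),
    (date(2008, 1, 15), "longtime@example.org", "FPR-A"),
    (date(2009, 4, 2), "Longtime@example.org", "FPR-A"),
    (date(2009, 4, 3), "newcomer@example.org", "FPR-B"),
    (date(2007, 5, 9), "target@example.org", "FPR-C"),
    (date(2008, 6, 1), "target@example.org", "FPR-C"),
    (date(2009, 4, 4), "target@example.org", "FPR-X"),  # a second key shows up
]

def continuity(observed):
    """Classify each address as established, pending or conflict."""
    history = defaultdict(lambda: defaultdict(list))  # address -> key -> dates
    for day, address, fpr in observed:
        history[address.lower()][fpr].append(day)
    verdict = {}
    for address, keys in history.items():
        if len(keys) > 1:
            # Two keys claim one address: do not pick one automatically.
            verdict[address] = "conflict"
            continue
        days = next(iter(keys.values()))
        span = (max(days) - min(days)).days
        enough = len(days) >= MIN_MESSAGES and span >= MIN_SPAN_DAYS
        verdict[address] = "established" if enough else "pending"
    return verdict
```

A legitimate key change also lands in "conflict" and has to be settled some other way, for example by a statement signed with the old key.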
2009/3/31 DaB. WP@daniel.baur4.info:
Hello all,
I think that when such a number of people come together it would be nice to have a key-signing in Berlin. If you have no idea what a key-signing is, look at the wikipedia-article [[en:Key_signing_party]]. If you don't own a pgp-key yet and are a linux-user there are several how-tos on the net to get one fast (there are how-tos for windows-users too, but it's more complex, but that doesn't need to stop you).
Because there is no time (and place) for a hash-method-keysigning (you know, all standing in a line for hours ;)), I would organise a list-method-keysigning. That means that you send me
* Your nick (if you have one)
* Your realname (optional, but some people don't sign non-realname-keys)
* Your keynumber
* Your key-hash
* Your key (if it is not on normal key-servers)
I think that a better idea would be to try to implement RFC:2549 protocol. If successful we could keep communication between chapters and developers meetings in case of electricity shortage in Berlin ;-)
wikimedia-l@lists.wikimedia.org