LCA 2010
LCA 2009
OSDC 2008
LCA 2008
OSDC 2007
LCA 2007
LCA 2006
LCA 2005
OSDC 2004
Ad Hoc



Internet Vision Technologies

Keysigning Party Methods

The 'Sassaman-Projected' Method

The 'Sassaman-Projected' method is a modified version of the 'Sassaman-Efficient' method and is well suited to large groups.

The principle difference is that instead of having a folded back line of participants when it comes time to check IDs, a document projector is used to display the ID of each person in turn so that every other participant can clearly see it at the same time. Each participant's ID is therefore examined by everyone else present simultaneously, instead of by each in turn, and the event duration scales linearly with number of participants.

Before The Event

1. All participants email their public key to the keysigning coordinator.
2. The coordinator compiles all the submitted keys into an event keyring.
3. The coordinator generates a text file containing a list of all keys and their fingerprints, and calculates the MD5 and SHA1 checksums of the list.
4. The coordinator publishes the text file either by emailing it to all participants or making it accessible on a website along with the MD5 and SHA1 checksums.
5. Participants download the text file and calculate the MD5 and/or SHA1 checksums of the list, and check them against the checksums provided by the coordinator. If the checksums match it shows that the participant has an identical and unmodified copy of the key list.
6. Participants print out a hard copy of the key list and check the fingerprint of their own key included in the list is correct.

At The Event

1. All participants bring along their own hard copy of the key list which they printed themselves. Participants should only trust the key list they printed themselves from the file with verified checksums. This ensures each participant is working from a list they know has not been tampered with.
2. The event organiser reads out the checksums or displays them on a projector for all participants to compare with their own.
3. Each participant in turn approaches the front of the room and places their ID on a document projector so it can be seen and inspected by all other participants. The ID requirement is generally 2 forms of government-issued photo ID, but individual participants may enforce their own requirements as appropriate. It may be helpful to have 2 or so trusted people at the front of the room inspecting ID close up as an extra precaution against forged documents.
4. As their ID is being displayed each participant makes a statement that their fingerprint as included in the list is correct. This can be as simple as saying 'my fingerprint on the list is correct'. There is no need to read the fingerprint aloud: since the lists have been checksummed, the fingerprint that appears on all lists must be the same.
5. Other participants watch as ID is displayed, and tick their lists twice to indicate for each person that the ID is acceptable and that the fingerprint has been stated to be correct. Keys on the list belonging to participants who do not attend the event are crossed off, as are entries for people whose ID is not acceptable or whose fingerprint does not match.
6. Once all participants have presented their ID, key lists are to be stored away in a safe place by each participant to prevent tampering with the annotated list.

After The Event

1. Participants retrieve the public keys of all keysigning participants either by fetching individual keys from public keyservers or by importing an event keyring if one has been created by the event coordinator.
2. Participants work through their annotated key list, checking the fingerprint of each key against the printed list and signing keys that match and are ticked for valid ID and the owner stating the fingerprint is correct.
3. Participants either upload each public key they sign to a public keyserver, or email it directly to the key owner. Some key owners prefer not to have keys sent to public keyservers so in general it is courteous to email the key directly to the owner.
4. Signatures sent to each participant by other participants are imported into their local keyring.
Copyright 2004-2009 Jonathan Oxer ( Bandwidth donated by Internet Vision Technologies.