Fachschaft INF & SWT

Table of Contents

• Course of a Hash Based Method Party
• Schedule
• Web of Trust (WoT)

Course of a Hash Based Method Party

Theory

The Hash Based Method Party was originally conceptalized by Phil Zimmermann and Len Sassaman (Efficient Group Key Signing Method) in order to optimize large keysigning-parties. Specifically, parties involving a few hundred people at free software conferences which would have been unable to allow the same number of key signatures to be made without the optimization. The idea is that individuals can trust a cryptographic hash to protect the individual key fingerprints and identity information in a given list. Therefor, individuals only need to check the hash on their electronic list with the master list. They do not need to check the fingerprint of each individual key with the key owner. Each individual will state if the fingerprint on the master list is correct for their key, and then present themselves and identification for people to verify.

The key stone of the security of digital signatures is the one way cryptographic hash function. If you use PGP to communicate over the internet and rely upon key signatures to determine the authenticity of keys, you are investing a great degree of trust in digital signatures. Therefor if you trust hash technology to protect key exchange it should not be a large step for you to trust it to protect key fingerprints.

Organizing

The party must be pre-announced. Key information is collected by a coordinator who publishes the list along with a hash value.

At the party, the entire group of participants should be asked if they are present and if their key information is correct. If no objections are raised, no one is absent, identities are verified, and the hash value for the master list is verified by all participants all keys on the list can be digitally signed.

Participating

You should verify your own key information, the digital signature of the list, and you should validate the attendance and identity of each person at the party. You can then sign all of the keys for attending verified parties.



Table of Contents

Schedule

• Pre-Announcement
  
  Sunday, 15 May 2011
  • Poster [pdf]
• Talk about (Open)PGP/GPG
  
  Wednesday, 1 June 2011, 14:00, V38.01 – within the scope of inf.misc
  • Handout [pdf]
• Deadline to send ASCII armored keys to the coordinator
  
  Wednesday, 15 June 2011, 23:59
  • keysigning@fachschaft.informatik.uni-stuttgart.de
• Keysigning-Party with
  
  Wednesday, 22 June 2011, 18:30, V38.01
  • List with Fingerprints and Identity Information [txt, UTF-8]
    • (partial) Hash Values

           SHA1: 08F1 4D0A 0A24 62D9 6F56  .....

      RIPEMD160: 7461 2CEA F329 8467 A385  .....

  • Required Items
    • Physical attendance
    • Positive picture ID (e.g. identity card)
    • Printed version of the List above along with its (complete) Hash Values
    • A pen/pencil or whatever you’d like to write with…
    • NO computer
  • For additionally Required Items
    • Second positive picture ID (e.g. passport or driver license)
    • Printed version of the CAP form
  • Keyring [asc]

Table of Contents

Web of Trust (WoT)

• 22 June 2011 [png]
  
  Wednesday, 22 June 2011
• 24 June 2011 [png]
  
  Friday, 24 June 2011
• 2 July 2011 [png]
  
  Saturday, 2 July 2011
• 7 July 2011 [png]
  
  Thursday, 7 July 2011

Table of Contents