Zimmermann–Sassaman key-signing protocol

From HandWiki

In cryptography, the Zimmermann–Sassaman key-signing protocol is a protocol to speed up the public key fingerprint verification part of a key signing party. It requires some work before the event. The protocol was invented during a key signing party with Len Sassaman, Werner Koch, Phil Zimmermann, and others.

Sassaman-Efficient

Before the party

The Sassaman-Efficient method is the first of the 2 types developed. Before the event, all participants email the keysigning coordinator their public keys. The coordinator then makes a text file of all the keys and accompanied fingerprint and then hashes it. They then proceed to make the text file and checksum available to all participants. The participants then download the file and check the validity using the hash. Then the participants print out the list and make sure that their own key is correct.

During the party

Everyone brings their own key list so that they know it is correct and not manipulated. Then the coordinator reads aloud or projects the checksums of the keys. Each participant verifies and states that their key is correct and once that is established a check mark can be put by that key. Once all the keys have been checked then the line folds upon itself and the participants then show each other at least 2 government-issued IDs. Once sufficient verification is established with the authenticity of the person, the other participant puts a second check mark by their name.

After the party

The participants then fetch the keys from a server or obtain a keyring made for the event. They sign each key on their list with 2 check marks and make sure that the fingerprints match. The signatures are then uploaded to the server or mailed directly to the key owner (if requested).[1]

Sassaman-Projected

The Sassaman-Projected method is a modified version of the Sassaman-Efficient, with the purpose for large groups. They both follow the same way with the exception of verifying identity. Instead of doing it individually the 2 forms of ID are projected for everyone to see at once. Once the person has verified that it is their key, the rest of the participants make 2 check marks next to the key.[2]

See also

External links

References