Zimmermann-Sassaman Protocol
0. Variant
This protocol is a variation of the one described by Phil Zimmermann and Len Sassaman.
1. Requirements
- A key pair.
- Two IDs with a recent photo (or, at least, the one closest to how you look today), at least one of them issued by a government entity.
- A copy of the fingerprint of your public key.
2. Before the party
Key sending
Send your public key to the party key server by the deadline:
bash$ gpg --keyserver ksp.softwarelivre.org --send-keys KeyID
Key list
Before the party, a participant key list should be published. You must obtain a copy of this list and calculate the MD5 and SHA1 hashes of the file, verifying them against the hashes given along with the list. It's really important that you yourself calculate these hashes. This is how to do it:
bash$ gpg --print-md md5 keylist.txt
bash$ gpg --print-md sha1 keylist.txt
Print this list and bring it with these hashes written at the top of it, in the appropriate spot.
Again, it's really important that you yourself print the list; do not trust already printed lists. That's why party organizers do not provide ready-printed lists.
3. During the Party
Hash reading
At the beginning of the party, the MD5 and SHA1 hashes will be read out. If the hashes match the ones you have written down, check off the appropriate spot in the list.
Fingerprint check
Every participant checks their own fingerprint in the list and, when called (following the list order), states for everybody to hear: "fingerprint for key XXX is correct". All other participants check off the appropriate spot in the list. Reading the fingerprint is not needed.
Group distribution
At the party, participants will be divided into two groups lined up facing each other (we'll call them "group A" and "group B").
Identity check
Every participant shows their ID to the person in front of them, who should check that the name matches the one printed in the list.
Rotation
- After the identity check, in the first move all participants of group A take a step to their left, while group B participants don't move. At this moment, one participant of each group is left out of the rotation, one at each end of the line.
- After a new identity check between the participants now in front of each other, the second move takes place: all participants of group B take a step to their left, while group A participants don't move. At this moment, the participants who were previously left out of the rotation join the opposite group.
- After a new identity check, the process goes back to the beginning. When all participants who began in group A have ended up in group B, the party is over.
The following diagrams depict all the rotations of an 8-participant party:
Moment 0: group A: 1 2 3 4
          group B: 5 6 7 8
=================================================> Identity check: 1-5, 2-6, 3-7, 4-8
Moment 1: group A:   1 2 3 4
          group B: 5 6 7 8
=================================================> Identity check: 1-6, 2-7, 3-8 / Left out: 5 and 4
Moment 2: group A: 5 1 2 3
          group B: 6 7 8 4
=================================================> Identity check: 5-6, 1-7, 2-8, 3-4
Moment 3: group A:   5 1 2 3
          group B: 6 7 8 4
=================================================> Identity check: 5-7, 1-8, 2-4 / Left out: 6 and 3
Moment 4: group A: 6 5 1 2
          group B: 7 8 4 3
=================================================> Identity check: 6-7, 5-8, 1-4, 2-3
Moment 5: group A:   6 5 1 2
          group B: 7 8 4 3
=================================================> Identity check: 6-8, 5-4, 1-3 / Left out: 7 and 2
Moment 6: group A: 7 6 5 1
          group B: 8 4 3 2
=================================================> Identity check: 7-8, 6-4, 5-3, 1-2
Moment 7: group A:   7 6 5 1
          group B: 8 4 3 2
=================================================> Identity check: 7-4, 6-3, 5-2 / Left out: 8 and 1
Moment 8: group A: 8 7 6 5
          group B: 4 3 2 1
=================================================> Party is over
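The rotation above as an added example (not part of the original protocol page): a Python simulation that reproduces the schedule and checks that every pair of participants faces each other exactly once before the party ends. The function names are hypothetical, and the example assumes an even number of participants, which is the only case the page illustrates.

```python
from itertools import combinations


def rotation_schedule(participants):
    """Return one list of (group A, group B) identity checks per moment."""
    if len(participants) < 2 or len(participants) % 2:
        # Assumption of this example: the page only shows an even-sized party.
        raise ValueError("example assumes an even number of participants")
    half = len(participants) // 2
    group_a, group_b = list(participants[:half]), list(participants[half:])
    started_in_a = set(group_a)
    moments = []
    while set(group_b) != started_in_a:  # the party ends when A has become B
        # Even moment: everyone checks the person directly in front.
        moments.append(list(zip(group_a, group_b)))
        # First move (group A steps): the lines are offset by one, so the
        # first person of B and the last person of A are left out.
        moments.append(list(zip(group_a[:-1], group_b[1:])))
        # Second move (group B steps): the two left-out people change groups.
        group_a, group_b = ([group_b[0]] + group_a[:-1],
                            group_b[1:] + [group_a[-1]])
    return moments


def unchecked_pairs(participants, moments):
    """Pairs of participants that never faced each other."""
    met = {frozenset(pair) for checks in moments for pair in checks}
    return [p for p in combinations(participants, 2) if frozenset(p) not in met]


if __name__ == "__main__":
    people = list(range(1, 9))  # constructed sample: the page's 8-person party
    schedule = rotation_schedule(people)
    for number, checks in enumerate(schedule):
        print(f"Moment {number}:", ", ".join(f"{a}-{b}" for a, b in checks))
    print("Never checked:", unchecked_pairs(people, schedule) or "nobody")
```

An empty result from unchecked_pairs means nobody leaves the party without having had their ID checked by every other participant.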
4. After the Party
Obtain party keyring
On the party website you'll find the keyring containing all the keys in the list, in GPG format and in multiple ASCII-armored files. You can easily import the whole keyring:
bash$ gpg --import keyring.gpg
List processing
With the list you brought from the party, with the appropriate markings, you can choose the best way to sign the keys that you have correctly verified. This procedure is beyond the scope of this document (see how to sign the cryptographic keys automatically using caff, or manually one by one).
What to do with the signed keys?
It's controversial whether you should send the signed keys to a public keyserver or back to their owners, so that each owner can do whatever he/she likes with them. It's generally considered Good Practice™ to send each key back to its owner. This process can be rather slow and tedious if you've chosen to sign each key manually... Luckily, caff, mentioned before, follows this practice, and we recommend its use.
--
PabloLorenzzoni - 08 May 2009