Re: A different way to do key signing parties.

Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote:
    > Now imagine that this personal PKI is designed so that my personal root
    > key need never expire. Or at least not until I do. So now let's take a
    > fingerprint of that key. And let's imagine that I provide that
    > fingerprint to the IETF during registration ‘somehow’ (add encryption
    > to taste).

Do we need to involve the IETF secretariat, or can we do this some other
indirect way?  I can put any text on my badge that I like.

    > I will elide the cryptography, but assume I am using plenty. The user
    > experience I am looking at right now would have the conference present
    > a QR code on a screen that changes every 30 seconds or so or each time
    > it is scanned. That presents a domain name and a cryptographic
    > challenge. When scanned using the app, the challenge is put through a
    > one way function to obtain the locator for a document giving the rest
    > of the information needed to complete the registration.

okay.

    > So now my app is saying ‘do you want to pick up your IETF badge’ or
    > whatever and I click yes and that causes the app to post my Mesh
    > fingerprint to a URI indicated in the document and that causes the desk
    > to get a note to look for phill’s badge and also tells my conference
    > scheduling app to load the IETF material. [Quite possibly customized to
    > include my Directorate etc. private events]

That's interesting.

    > Now imagine we have been doing this sort of thing for five years. At
    > this point, we have a pretty solid binding of identity. It is not
    > perfect but it has a very very high work factor and if the attacker
    > hasn’t planned the attack in advance, they kinda need a time machine.

Someone who has attended 15 IETF meetings (3*5) is probably whomever their
badge says, regardless of who the government says they are ;-)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@xxxxxxxxxxxx  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
 -= IPv6 IoT consulting =-



Attachment: signature.asc
Description: PGP signature
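
The scan-and-register flow from the quoted message, as an added example that is not code from either poster or from the Mesh. The post elides the cryptography, so the SHA-256 locator and fingerprint construction, the `/pickup/` path, and the `Kiosk` and `app_register` names are all assumptions made for illustration; both sides run in memory with no network.

```python
import hashlib, secrets, time

ROTATE_SECONDS = 30  # the post: "changes every 30 seconds or so"

def locator_for(challenge: bytes) -> str:
    # One-way step: the locator can be logged or observed without revealing
    # the challenge, so only someone who saw the QR code can derive it.
    return hashlib.sha256(b"locator:" + challenge).hexdigest()[:32]

def fingerprint(root_public_key: bytes) -> str:
    # Assumed fingerprint format: hex SHA-256 over the root public key bytes.
    return hashlib.sha256(root_public_key).hexdigest()

class Kiosk:
    """Conference side (hypothetical): shows the QR code, serves the document."""
    def __init__(self, domain, now=time.time):
        self.domain, self.now = domain, now
        self.pickups = []              # fingerprints forwarded to the badge desk
        self.rotate()

    def rotate(self):
        self.challenge = secrets.token_bytes(16)
        self.issued = self.now()
        loc = locator_for(self.challenge)
        # Only the current challenge resolves to a registration document.
        self.documents = {loc: {"event": "IETF",
                                "post_to": f"https://{self.domain}/pickup/{loc}"}}

    def qr_payload(self):
        if self.now() - self.issued >= ROTATE_SECONDS:
            self.rotate()
        return self.domain, self.challenge   # domain name + challenge

    def fetch(self, locator):
        if self.now() - self.issued >= ROTATE_SECONDS:
            return None                # a photographed, stale code is useless
        return self.documents.get(locator)

    def post(self, locator, fp):
        if self.fetch(locator) is None:
            return False
        self.pickups.append(fp)
        self.rotate()                  # single use: rotate once the code is used
        return True

def app_register(kiosk, payload, root_public_key: bytes) -> bool:
    """App side (hypothetical): scan, derive locator, fetch document, post."""
    _domain, challenge = payload
    loc = locator_for(challenge)
    if kiosk.fetch(loc) is None:
        return False
    return kiosk.post(loc, fingerprint(root_public_key))
```

A code that has already been used, or that is older than the rotation window, no longer resolves to a document, so a captured QR image cannot be replayed to register a second fingerprint.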

