This Friday we had another PGP key-signing party at the office. This was a pretty academic exercise, as I rarely can use encryption in my emails: the system is way to complex to be used by the layman. What struck me during this key-signing party was how dated the whole process is, it was the developed in the 90’s and this shows in the clunkiness of the tools.
The first problem I encountered was, surprise, Unicode, or the lack thereof. Problem is that all identities and official documents have names in roman letters, but did not follow the same romanizations rules. You think this is a rare case, I encountered three during this party.
The second problem is the process involves written down key identities, which is fine, except the tools to create the printouts are horrible: everybody had a slightly different paper, with slightly different information, the content was badly laid out, with a courier font. This made the checking unnecessarily tedious.
The third problem is academic paranoia. Yes, it is possible to hack a printer to change the content of the key, but let’s honest this is a complex attack as nobody uses the same printer. This also means that a process that could be expedited using a mobile device is artificially tedious.
In fact, if I were to attack such a party, I would just use paper tricks: use thinner paper and glue together two keys, one that the reviewer sees, and another that separates when in the pocket. All participants left the party with a bundle of papers, with the assumption they checked them all, if one were to appear at that stage, they would not notice.
Ideally, I think this process could be greatly improved using a mobile app: add some QR-codes with the key’s fingerprint and the user information and use machine readable passports. The app would read both sources of information, display the information for comparison and keep track of the user’s choice (trust / don’t trust). That application does not need to connect to the network, all the processing can be done within the phone. Yes, in theory the app could be compromised, but so do the encryption tools.