Dear delegates to SANE 2000,
In previous SANE conferences a so called PGP key signing party was organized. This year SANE aims to achieve a similar goal in an entirely different way.
Recent versions of PGP contain facilities for encrypting disks and for setting up Virtual Private Networks. Most people however know Pretty Good Privacy mainly as the de-facto standard for communicating confidentially across the open Internet. Good manuals for PGP are included with the source code distributions. An excellent starting point for finding what's going on is www.pgpi.com
The traditional purpose of a so called PGP key signing party is to establish
the ownership of PGP keys. When you meet someone in person, and he shows you
his passport and he confirms that some PGP key is his, this allows you to
`sign' that key. Other users of PGP, who were not present during this event
may decide to rely on your identification. For this reason conferences were
many people from different countries meet are good places to extend the
Web of Trust.
In the traditional keysigning party, all people get together in a room to see
each other confirming their keys and passports. The growth of SANE starts
making this rather impractical.
We want to avoid the time consuming hassle of verifying passports and PGP
fingerprints by introducing the services of a Trusted Third Party,
being Teun Nijssen of Tilburg University. Teun Nijssen runs the SURFnet Policy
Certification Authority (see http://pki.surfnet.nl/)
and the SURFnet keyserver. He also is a member of SURFnet's Computer Emergency Response
Team CERT-NL, and he played a role in making available PGP source code outside the USA by
involvement in the source code book scanning effort.
Teun will run a so called PGP key signing non-party during SANE.
Here are the rules of the game:
To make the printout of your key, please point your WWW browser at http://pki.surfnet.nl/extract.html and `extract' the key with `verbose index' and `show fingerprints' selected. (If you didn't ever do so before, first `submit' your key to the server).
An example of the intended format is the page: http://horowitz.surfnet.nl:11371/pks/lookup?op=vindex&search=Teun.Nijssen&fingerprint=on
If you have multiple keys, or if a key has multiple user-ids (email adresses), clearly mark which user-id is to be signed.
pub 1024/66A74B31 1998/11/01 Teun Nijssen <teun.nijssen@kub.nl> Key fingerprint B4 1E 25 DA A7 54 B8 A8 C3 0C D8 20 D7 8C BC E5 66 A7 4B 31All keys signed by Teun will be submitted back to the keyservers.
In addition, the keys of those people who asked for signatures from as many delegates as possible will be made available as a downloadable keyring on the Web. If people feel confident that the identification process described above is as careful or better as the traditional keysigning party, they are in this way able to put their signatures on the keys already signed by the Trusted Third Party.
Hope to see you in Maastricht,
Teun Nijssen