[PGP Lock]

PGP Keysigning

Because of the great success of the PGP keysigning non-parties during the previous SANE conferences, we continue this tradition. A PGP keysigning non-party aims to achieve a similar goal in an entirely different way as the so called "PGP keysigning party".

Recent versions of PGP (and GPG) contain facilities for encrypting disks and for setting up Virtual Private Networks. Most people, however, know Pretty Good Privacy mainly as the de-facto standard for communicating confidentially across the open Internet. Good manuals for PGP are included with the source code distributions. An excellent starting point for finding what's going on is www.gnupg.org

The traditional purpose of a so called PGP keysigning party is to establish the ownership of PGP keys. When you meet someone in person, and he shows you his passport and he confirms that some PGP key is his, this allows you to `sign' that key. Other users of PGP, who were not present during this event may decide to rely on your identification. For this reason conferences where many people from different countries meet are good places to extend the Web of Trust.
In the traditional keysigning party, all people get together in a room to see each other confirming their keys and passports. The growth of SANE starts making this rather impractical.

We want to avoid the time consuming hassle of verifying passports and PGP fingerprints by introducing the services of two Trusted Third Parties, being Teun Nijssen of Tilburg University and the NLUUG. Teun Nijssen runs the SURFnet Policy Certification Authority (see http://pki.surfnet.nl/) and the SURFnet keyserver. He also is a member of SURFnet's Computer Emergency Response Team CERT-NL, and he played a role in making available PGP source code outside the USA by involvement in the source code book scanning effort.
Teun will run a so called PGP key signing non-party during SANE.

Here are the rules of the game:

In addition, the keys of those people who asked for signatures from as many delegates as possible will be made available as a downloadable keyring on the Web. If people feel confident that the identification process described above is as careful or better as the traditional keysigning party, they are in this way able to put their signatures on the keys already signed by the Trusted Third Party.

Hope to see you in Amsterdam,

Teun Nijssen

[Teun happy with water after climbing from a
tropical valley]