by Reminder: there will be a Birds of a Feather (BoF) session at the
upcoming USENIX Security Symposium to handle PGP key signing among
Symposium attendees (this is separate from the USENIX PGP Key Signing
Service, to be started at this Symposium as a USENIX member benefit).
I am reposting the original notice to a wider audience in case some
folks don't necessarily read comp.org.usenix, where this first appeared
last month.
Summary: if you are attending the USENIX Security Symposium next week
and are interested in the key signing session, please let me know via
E-mail and send me a copy of your PGP public key. That will help get
things set up. Bring with you to the session: your key's fingerprint
and a photo ID (driver's license, passport, etc.). Thanks!
-----BEGIN PGP SIGNED MESSAGE-----
Greetings. As you may know, USENIX is introducing a new service at the
July Security Symposium, called the USENIX PGP Key Signing Service.
With this service, USENIX members attending a USENIX conference can
have their Pretty Good Privacy (PGP) public key signed by USENIX and
therefore be introduced to the Web of Trust (for more information on
this, please see the URL http://www.usenix.org/pgpintro.html).
As an addition to this service (for USENIX members) or instead of this
service (for non-USENIX members), I am helping in the organization of a
more traditional key signing as a Birds-of-a-Feather (BOF) session to
further introduce PGP keys to Web of Trust. In this session (to be
held at the Fairmont Hotel on Tuesday night from 6pm-8pm, July 23, in a
room to be assigned), Symposium attendees (USENIX members or not) may
meet the users who wish to have their keys signed by other attendees
and can confirm owner identities via face-to-face protocols (e.g.,
checking driver's licences, much like USENIX will do to sign keys).
After confirming someone's identity and key fingerprint, you can then
properly sign their keys, so that others may not have to perform this
step before using that person's key, assuming the potential key user
trusts you to certify keys. This helps in the efficiency of using
public keys for various functions, since being able to know that a key
really belongs to the indicated owner is important.
To help setup this session, I need to know (via E-mail will be fine) if
you are interested in participating in this keysigning. To help speed
things along at the session, I will collect the public keys of
interested parties beforehand, and make them available on a keyring on
my FTP server (path to be announced later). I will bring listings of
the keys on that keyring, along with the key fingerprints of each (if I
can, I will bring some floppies with the keyring as well). Each BOF
attendee can then identify themselves to the other attendees, and read
the correct fingerprint for their own key (so that everyone can verify
that the keyring does indeed have the correct key for that person).
Each person on the list will do this in turn, until all keys owners
have been positively identified (we may have to negotiate on what is
"good" ID for certain cases), and all fingerprints are verified. After
that is done, each attendee can pick up the keyring at their leisure
and sign the key or keys that they wish to sign. If desired, everyone
can send the signed keys back to me; I will act as a clearinghouse,
collect all the keys and signatures, and issue a final keyring which
has all keys with all the signatures. I can also send the final
collection to the public keyservers as well. This procedure is pretty
much as described in
http://world.std.com/~franl/pgp/how-to-organize-keysigning.html.
We will try to have a procedure available to take care of users who did
not know about the BOF before coming to the the Symposium or otherwise
couldn't send me a key beforehand, but it may be more difficult to help
you get signatures on your key in this case.
Please let me know if you have any questions or comments. Questions
post summaries of questions here, to avoid having discussions in this
group). If you will put a Subject: of "Symposium Keysigning" or such
in your message, that will help me process it appropriately.
Just check the BIRDS-OF-FEATHER Bulletin Board located in the
USENIX registration area for meeting room location when you arrive.
Hope to see you at the Symposium!
Peter
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMbzuC44CzbsJWQz9AQFPkAP/azVl2oABibcue6V7xoIYzJ5cT8u1rUmK
eofMDJg+VIJcZb5C8Hat6agNSJqDTCA43inyWH/PzNJwWFpBp9OgVir5Q4GfklTa
pMj0eTgwSW831ILUacuqqNqcarH502JyEhKRbf9NucqAq17j6FxSOEpr2Ld6XIHA
GXAZC4vCMUI=
=hkT6
-----END PGP SIGNATURE-----
--
Computing and Networking Services Atlanta, Georgia 30332-0280
College of Computing, Rm 213 +1 (404) 894-4736
<A HREF="http://www.cc.gatech.edu/staff/w/Peter.Wan/peter.html">Peter N. Wan</A>