PGP Key Signing Service to be discontinued

For over two years, USENIX has been running a PGP Key Signing Service, in which people could present identification at a USENIX conference and subsequently have their PGP key signed by a well known USENIX key, thus becoming connected to the PGP "Web of Trust". This service had an innovative feature, that the individual did not have to have their PGP key ready in advance.

There are a number of reasons contributing to the decision to discontinue the service.

• The service began to take on the trappings of a Certification Authority. While there is nothing inherently wrong with that, there are others out there who perform exactly that service. USENIX's goal was to enhance connectivity within the Web of Trust, not to move it further toward a hierarchical organisation.
• New, and mutually incompatible, versions of PGP significantly complicated the programming, and hence the cost, of the service.
• The protocol which enabled trustworthy operation of the service turns out to have many unexpected failure modes. That is, when it works, it works fine, but when any mistake is made, it fails in ways which break the automated scripts... and newer versions of PGP with increased emphasis on interactive operation try to be "helpful" with disasterous results. Because the service was oriented to helping newcomers, only about 1/3rd of the submissions went through without error the first time... others needed to be retried, required manual intervention, or simply had to be rejected. (For example, about 20% of submissions used the example secret from the documentation, and not the issued secret!)

The signatures already made are still valid, the web interface for checking them will continue to work indefinitely, and it will continue to be possible to communicate with USENIX using PGP (note that for correspondence the office now supports both RSA and DH/DSS keys).

To replace the service, USENIX intends to provide some support for PGP Keysigning BoFs, and to do it in such a way that outside parties can also make use of many of the features. This furthers the goal of enhancing the Web of Trust without the overheads of a certification authority.

The useful feature of enabling people to come unprepared is going to be continued by a project we are calling "torn money" (after the old spy films where someone's identity was established by them having half of a torn banknote). A preliminary version of this will be available at the New Orleans general conference, with further Web-based support coming soon after. In this, individuals at the PGP Keysigning BoF will be helped with sheets of "shared secrets" which can be given to others to forge a link after they have left the BoF. Watch the USENIX PGP web page for more details as they become available.