
A little hallway conversation led to a consensus that NCC-Services is the correct place to suggest this idea; it's a minimal-cost suggestion for aiding crypto key-signing via the RIPE conference registration.

The main issue with exchanging crypto keys (e.g. PGP) is verifying that all the information has been copied correctly and spending the actual time to do it.

If the online registration form has an optional field to supply a key fingerprint, then those who supply this will have their fingerprint listed in the attendee list and shown on their registration badge (optionally with keyid if not embedded in fingerprint).

Then, if you're interested in verifying keys at the level of "I've talked to this person and someone has paid a few hundred euros for him to attend a conference in his name" or greater trust, then you can glance over the fingerprint on the badge, versus that on the list, and just tick the item. Then, later, working through the list you can just retrieve/sign/upload those keys which you've ticked.

Benefits:
 * makes valid key-signing friendlier to the lazy and those without a surface to easily write on (or a PDA or ...)
 * so web of trust more likely to be established at RIPE meetings

Disadvantages:
 * minimal change to registration form, slightly longer printouts
 * it's not _entirely_ free, but it's once-off minimal development and probably some text in the booklets explaining the system (and why people shouldn't just sign every key on the list)

Does anyone think that this is a good idea, or a violently stupid idea? Should RIPE be doing this?

(I actually proposed this at LISA a couple of years ago and the staff-member liked it and thought they'd try this at a USENIX Security conference, but I heard nothing more about it)

--
Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands
NL Sales: +31 20 422 20 00    Thus Plc    NL Support: 0800 33 6666 8