Deploying GnuPG into University Administration

Daniel Luebke list@daniel-luebke.de
Thu Jan 9 12:11:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello there,

I'm a student at TU Clausthal and, as a member of our LUG, did a
workshop for gnupg which was intended to convince students to use
e-mail-encryption and signing.
We had good luck and it was a great evening and so our administration
asked us to do the same for them.
That should be no problem but there's one question, where I'm not quite
sure, what to say: Since I only used gnupg in private environments, I
don't know how to centrally manage about 30 keys.
1. In my imagination there should be a central certification key which
is used by the IT department to sign all keys for the users.
2. The users should then fully trust that key, so that they needn't sign
all keys of all employees.
3. The keyring should be centrally updatable.
My question is how to achieve this. To create a central certification key
is no problem and the administrators could modify the log on or user
creation scripts accordingly, so that the central key is stored in the
keyring and full ownertrust is set.
But how to centrally manage all keys? One could create a central
read-only keyring, which is used by gnupg where all employees' keys are
stored or one could set up a keyserver?!

I would like to know if anyone has deployed something similar and how
they dealt with that and probably arising problems.

Thanks in advance

Daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+HVllEKRSJJognFARAuvaAJ4htFFkzC0AHoYxTdWvCORab1ymQgCdGh15
2VMzufjz2WeZxxM7QixA6Sw=
=uk0C
-----END PGP SIGNATURE-----
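
An added example, not part of the original message: a sketch of auditing the scheme described above by parsing `gpg --with-colons --check-sigs` output and reporting keys that lack a valid certification from the central key. The field layout assumed is that of current GnuPG releases; all key IDs, names and the sample listing are constructed.

```python
# Constructed sample of `gpg --with-colons --check-sigs` output (all IDs made up).
CA_KEYID = "CA00000000000001"  # hypothetical central certification key
SAMPLE = """\
pub:u:2048:1:CA00000000000001:1041379200:::u:::scESC:
uid:u::::1041379200::::IT Certification Key <ca@example.org>:
sig:!::1:CA00000000000001:1041379200::::IT Certification Key <ca@example.org>:13x:
pub:f:2048:1:A11CE00000000002:1041379200:::-:::scESC:
uid:f::::1041379200::::Alice <alice@example.org>:
sig:!::1:A11CE00000000002:1041379200::::Alice <alice@example.org>:13x:
sig:!::1:CA00000000000001:1041465600::::IT Certification Key <ca@example.org>:10x:
pub:-:2048:1:B0B0000000000003:1041379200:::-:::scESC:
uid:-::::1041379200::::Bob <bob@example.org>:
sig:!::1:B0B0000000000003:1041379200::::Bob <bob@example.org>:13x:
pub:-:2048:1:CA40100000000004:1041379200:::-:::scESC:
uid:-::::1041379200::::Carol <carol@example.org>:
sig:-::1:CA00000000000001:1041465600::::IT Certification Key <ca@example.org>:10x:
"""

def audit(listing, ca_keyid):
    """Map each primary key ID to its user IDs and whether the CA certified it."""
    keys, current, in_uid = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:                      # skip blank or short records (e.g. tru)
            continue
        if f[0] == "pub":                    # a new primary key starts here
            current = keys.setdefault(f[4], {"uids": [], "certified": False})
            in_uid = False
        elif current is None:
            continue
        elif f[0] == "uid":
            current["uids"].append(f[9])
            in_uid = True
        elif f[0] in ("sub", "uat"):         # signatures below these are not uid certifications
            in_uid = False
        elif f[0] == "sig" and in_uid and f[1] == "!" and f[4] == ca_keyid:
            current["certified"] = True      # "!" = signature verified as good
    return keys

def uncertified(listing, ca_keyid):
    """Key IDs (other than the CA itself) with no good CA signature on any uid."""
    return sorted(k for k, v in audit(listing, ca_keyid).items()
                  if k != ca_keyid and not v["certified"])

def ownertrust_line(ca_fingerprint, level=5):
    """Line for `gpg --import-ownertrust`; 5 = full trust, 6 = ultimate."""
    return f"{ca_fingerprint}:{level}:"

if __name__ == "__main__":
    for keyid in uncertified(SAMPLE, CA_KEYID):
        print("not certified by central key:", keyid)
```

A logon script could feed the output of `ownertrust_line` to `gpg --import-ownertrust` after importing the central key, and the audit could run against whichever shared keyring or keyserver export is chosen.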