On Tue, Aug 01, 2000 at 03:28:28PM +0000, Dale Scheetz wrote:
> The people who signed keys said themselves that they could not with any
> sureness identify someone whose key they signed once, long ago. We
> realized, after some debate, that the fact that the developer in question
> _did_ see a passport/ID during the keysigning process is adequate to
> satisfy the handshake criterion. The fact that these keysignings happened
> imparts a bit of trust to the keyholder.

Huh? It says that the signer believes that the person with that name (as identified by reasonably official documentation like a passport) believes he holds that key. [0] Sure, it doesn't say what he looks like, but who cares? It doesn't let you subpoena the developer to identify the applicant from a witness box, but, well, again, who cares?

More relevantly, the signature doesn't give you any guarantees that you can contact the person in the real world, which is, IMO, a useful thing to guarantee. If someone knows that their anonymous remailer and crypt.kk account will be all that's affected if they upload bad packages, then there's less of a problem than if they'll get a phone call asking "What the hell do you think you're doing" and possibly have the details passed on to the local police, or whatever.

In the past, this was done by just making a phone call to the applicant. Given a phone number and a name, you've got a good chance of being found if it's really necessary.

A signed passport could replace this somewhat, but it would let people do identity theft, if not true anonymity. Steal someone's driver's license, make up a fake key with their name and a hotmail address, sign the driver's license, and send it in. No developer's ever met you; if anyone tries tracing you, they'll end up getting some innocent who doesn't even know what this lienucks thing is meant to be.

So, I mean, given a phone call, and given another developer's signature, I don't really see what this buys you.
And without a phone call and another developer's signature, it's not a particularly ideal form of authentication.

Cheers,
aj

[0] Signing a picture-id, on the other hand, says the person with the key believes he has that name and face, but you already know the keyholder believes he has that name because that's what the key says. Showing that you can send a scanned image of a passport or so goes some way to showing that you possess the passport, but it's not particularly convincing. The AM can then perform the same demonstration. It's much less convincing than actually physically showing someone your passport, and letting them look at the photo and your face and saying "Gosh, you look different".

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``We reject: kings, presidents, and voting.
We believe in: rough consensus and working code.'' -- Dave Clark