On Tue, Aug 01, 2000 at 03:28:28PM +0000, Dale Scheetz wrote:
> The people who signed keys said themselves that they could not with any
> sureness identify someone who's key they signed once, long ago. We
> realized, after some debate, that the fact that the developer in question
> _did_ see a passport/ID during the keysigning process is adequate to
> satisfy the handshake criterion. The fact that these keysignings happened
> imparts a bit of trust to the keyholder.
Huh? It says that the signer believes that the person with that name (as
identified by reasonably official documentation like a passport) believes
he holds that key. [0]
Sure, it doesn't say what he looks like, but who cares? It doesn't let
you subpoena the developer to identify the applicant from a witness box,
but, well, again, who cares?
More relevantly, the signature doesn't give you any guarantees that
you can contact the person in the real world, which is, IMO, a useful
thing to guarantee. If someone knows that their anonymous remailer and
crypt.kk account will be all that's affected if they upload bad packages,
then there's less of a problem than if they'll get a phone call asking
"What the hell do you think you're doing" and possibly have the details
passed on to the local police, or whatever.
In the past, this was done by just making a phone call to the applicant.
Given a phone number and a name, you've got a good chance of being found
if it's really necessary.
A signed passport could replace this somewhat, but it would let people
do identity theft, if not true anonymity. Steal someone's drivers
license, make up a fake key with their name and a hotmail address,
sign the drivers license, and send it in. No developer's ever met you,
if anyone tries tracing you, they'll end up getting some innocent who
doesn't even know what this lienucks thing is meant to be.
So, I mean, given a phone call, and given another developer's signature,
I don't really see what this buys you. And without a phone call and
another developer's signature, it's not a particularly ideal form of
authentication.
Cheers,
aj
[0] Signing a picture-id, on the other hand, says the person with the
key believes he has that name and face, but you already know the
keyholder believes he has that name because that's what the key
says. Showing that you can send a scanned image of a passport
or so goes some way to showing that you posess the passport, but
it's not particularly convincing. The AM can then perform the same
demonstration. It's much less convincing than actually physically
showing someone your passport, and letting them look at the photo
and your face and saying "Gosh, you look different".
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``We reject: kings, presidents, and voting.
We believe in: rough consensus and working code.''
-- Dave Clark
Attachment:
pgpmMxsO191SR.pgp
Description: PGP signature