AW: Re: laying groundwork for an eventual migration away from SHA1 with gpg
nd at syndicat.com
Thu May 21 15:48:36 CEST 2009
Keysigning parties makes sense if they strictly follow serious procedures and requirements - but can't give a 100% security (as the most other identity checks too). Even a Passport could be modified or cheated.
In most european countries it should be relative easy to make the Passport or Personal ID a requirement for each party member because at least one of both is a must by law and these documents are standardized during most european countries, known by everyone and made on a relative high security level mainly. On a european level the european drivers license could work too.
But - in each case - you have to prove the document by a list of security features which are publically documented by the government. I remember such practises by the european border passport control where the controllers used a okular like a small microscope to check the (even the newer biometric) passports of all travellers from iraq. It seems they didn't fully trust their own biometrical ID system byself.
It seems it is not easy to prove a public document without good (or may be special) knowledge about the documents. On the other hand you get officially identified on any postal office i.e. in germany (i.e. to open a bank account) where no one seems to check the documents so hard like here.
>From my experience there are very different levels of key-signing parties. The web of trust is not reflecting this levels in most cases.
More information about the Gnupg-devel