Third party information
Tue Dec 10 20:05:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
> I'm convinced that I have the correct key. I declined to sign it
> as a matter of policy.
You also could have exchanged secret phrases and built from there by having
him encrypt the phrase with the key and mail it to you.
> *Two* picture IDs is fairly paranoid in a country that has mandatory
> high tech ID cards. I agree though, that challenging the e-mail
> addresses should be SOP.
> I was just wondering how much circumstantial evidence might be
> enough to replace the fingerprint.
I think you had more than enough (especially if anyone else there could
vouch for his key) but the leaving off of the fingerpring from the
documentation makes me question the person's diligence and attention
to detail, which would be the real reason for me not to sign the key;
not because I doubted that the key belonged to them. Remember that you
are not only signing to verify their key, but that they are capable of
using GnuPG responsibly. Yes, they can be separated, but I prefer to
not sign the keys of those who might weaken the WoT.
Greg Sabino Mullane email@example.com
PGP Key: 0x14964AC8 200212101403
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----