Third party information
Tue Dec 10 20:05:01 2002

Hash: SHA1

> I'm convinced that I have the correct key. I declined to sign it
> as a matter of policy.

You also could have exchanged secret phrases and built from there by having 
him encrypt the phrase with the key and mail it to you.

> *Two* picture IDs is fairly paranoid in a country that has mandatory
> high tech ID cards. I agree though, that challenging the e-mail
> addresses should be SOP.
> I was just wondering how much circumstantial evidence might be
> enough to replace the fingerprint.

I think you had more than enough (especially if anyone else there could 
vouch for his key) but the leaving off of the fingerpring from the 
documentation makes me question the person's diligence and attention 
to detail, which would be the real reason for me not to sign the key; 
not because I doubted that the key belonged to them. Remember that you 
are not only signing to verify their key, but that they are capable of 
using GnuPG responsibly. Yes, they can be separated, but I prefer to 
not sign the keys of those who might weaken the WoT.

Greg Sabino Mullane
PGP Key: 0x14964AC8 200212101403