Virtual Keysignings
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Thu Jun 5 18:23:02 2003
--Boundary-02=_k623+7AUFRxMVDR
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Thursday 05 June 2003 16:33, Daniel Luebke wrote:
> Hi Everybody!
>
> I have a question about keysigning: What do you think of signing a
> person (or having a keysigning party) which is conducted through a video
> link?
> On the one hand it would be a great opportunity to establish trust (you
> can show your passport into the camera, the picture must match the
> person), on the other hand you're doing this through an untrusted medium
> (internet- or telefon-line-link) which you could indicate through the
> sig-class?
> What are your opinions about this topic?
In my opionion, it is not really a question of the medium you use. If I kno=
w a=20
person, I'd not hesitate to sign a key even only speaking on the phone, or=
=20
from a faxed request when I have enough circumstancial evidence that it's t=
he=20
real person (is it somebody who would ask me to sing his key, voice of=20
course, handwriting, ...).=20
When I do not know a person at all, I guess I'd hesitate before signing a k=
ey=20
only based on a video link. But if, for instance, the person is known to=20
somebody at the other end who recommended me to him, the situation is=20
different again. It really comes down to: do you feel reasonably sure that=
=20
the other person is who it is? Which is something nobody else can answer fo=
r=20
you.
To help others assess the quality of your signatures, you can use a policy =
URL=20
(something like I do, perhaps, if you look at my signature - dunno if your=
=20
mailer displays the URL) or a Notation, to include some data about the=20
circumstances of the signing with the signature.
greetings
=2D- vbi
=2D-=20
Available for key signing in Z=FCrich and Basel, Switzerland
(what's this? Look at http://fortytwo.ch/gpg/intro)
--Boundary-02=_k623+7AUFRxMVDR
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iKcEABECAGcFAj7fbqRgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjQmbWQ1c3VtPTgxNjMwYmFhYmU5YTA2NzBi
YjE5YzFmYTg1MjdhN2FiAAoJEIukMYvlp/fW3NcAoKVqhgq+1HqVAr1IjcLEYF/m
OQXZAKDLBTbiKxGo/eeT3BZ9bKSB/grtEw==
=LMlj
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.4&md5sum=81630baabe9a0670bb19c1fa8527a7ab
--Boundary-02=_k623+7AUFRxMVDR--