Fri Jun 6 06:54:03 2003
Content-Type: text/plain; charset=us-ascii
On 05-Jun-2003, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Thursday 05 June 2003 16:33, Daniel Luebke wrote:
> > What do you think of signing a person (or having a keysigning party)
> > which is conducted through a video link?
> In my opionion, it is not really a question of the medium you use. If
> I know a person, I'd not hesitate to sign a key even only speaking on
> the phone, or from a faxed request when I have enough circumstancial
> evidence that it's the real person (is it somebody who would ask me to
> sing his key, voice of course, handwriting, ...).=20
That is exactly the issue though: Unless you trust the medium, you
*cannot know* that the person at the other end is who you think they
Meeting in person, you have only to be convinced that the person
standing in front of you is who they say they are. The medium, then, is
merely the air between you and your own senses; you won't get a more
trustworthy medium than that.
Any additional medium placed between you must be trusted *in itself* to
be uncompromised, quite separately from your trust for the person at the
other end. You may trust the medium of a video link has not been
compromised. But what about a phone line? A recorded statement? An
email? An instant message system? A typewritten letter in the post?
A combination -- a typewritten letter, faxed, then couriered to you?
In all of these instances, before you can even begin to consider whether
you trust the identity of the person at the other end, you must decide
your trust for the medium -- and therefore of the people managing that
medium, and everyone involved in getting the message to you.
You can decide your own level of paranoia for these instances; but to
claim "it is not really a question of the medium you use" is quite
\ Eccles: "I just saw the Earth through the clouds!" Lew: "Did |
`\ it look round?" Eccles: "Yes, but I don't think it saw me." |
_o__) -- The Goon Show, _Wings Over Dagenham_ |
email@example.com F'print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----