Virtual Keysignings

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Tue Jun 10 17:03:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ingo Klöcker wrote:
| On Monday 09 June 2003 17:51, Carl Gilbert wrote:
|
|>I am only suggesting that a face to face meeting does not convey any
|>additional information, well besides a face of course.  That is the
|>only part that I question.  For me, face to face is no more valid
|>than an email.  If you met me face to face the only thing you would
|>learn is how I look.  How does this benefit you above what you have
|>from my emails?
|
|
| If we met face to face we could physically exchange our fingerprints.
| This would allow me to verify that a guy called Carl Gilbert does
| really exist. And it would tell me that this Carl Gilbert is really the
| owner of the key the fingerprints correspond to after I verified the
| email address(es) on the key with a challenge.
|
| Without a face-to-face meeting I could only tell that someone who owns a
| certain key has access to a certain email address by sending a
| challenge to this address. If the name of this person is irrelevant
| then this might be enough. But if you have a contract with this person
| then you'd better be sure that he really used his real name to sign the
| contract. Else you might have difficulties to find this person in case
| he breaks the contract and vanishes with your money.
|
| Regards,
| Ingo
|

OK.  Yes.  If you want to venture out of cyberspace so to speak, then
you definitely need to do so.  Else you have no idea who you are dealing
with.  If it's money, then I would need a contract or some document
showing that the other party is doing business under the assumed name of
'0x80d20a2d' or maybe the whole ID is necessary for legal purposes.  I
agree, I would need to have someone I can connect to that key when all
hell breaks loose.

But I disagree that my trust levels would not benefit you.  I would
never give anyone complete trust unless they were someone I knew
personally like a co-worker or school-mate, neighbor, etc.  Even meeting
at a key signing party is not enough.  Hmm, but it appears I am using
the trust model wrong, because knowing who someone is does not mean you
trust them.  Seems like something is missing here.  Be nice to give a
confidence level on a signature.  Anyway, I can't see giving anyone any
level of trust unless I knew them personally.  Could you?

- --
L8r,


Carl L. Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+5fLlVbJM14DSCi0RAj/kAJ9o8VWhOAfwNK/INLq8zApfYCxJNACfZjxe
8ssKKULCxLutta3TNYuOph4=
=nTe1
-----END PGP SIGNATURE-----