signing a robot's key - was: Re: Global Directory signatures
jdbeyer at exit109.com
Mon Jan 3 15:11:15 CET 2005
Mark H. Wood wrote (in part):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Sat, 1 Jan 2005, Neil Williams wrote:
>>On Saturday 01 January 2005 4:40 pm, Mark H. Wood wrote:
>>>So, looking up PGP Corporation in the phone book, calling their corporate
>>>headquarters, and verifying the fingerprint with a person wouldn't help?
>>1. You are still trusting an unknown person you've never met to give you the
>>right information, just on the basis of their employer.
> How is this different from trusting an unknown person I've never met
> (before) on the basis of his being able to produce a couple of cards which
> have his likeness (more or less) and the name he gave me? One reason I
> haven't been to any keysigning parties is that I wouldn't trust my ability
> to verify someone's identity.
> An artificial person is a lot easier to check out than a natural person.
> Have *you* been eyeballed by SEC, D&B, the states of California and
> (probably) Delaware, and a host of commercial banks? I haven't. Having
> established that PGP is likely on the up and up, how likely is it that
> they wouldn't take reasonable care with the security of one of their
> services' keys, given that their entire income stream is based on a
> reputation for reasonable security?
I was eyeballed by the FBI when I became a U.S. citizen, and again when I
needed a SECRET security clearance with the U.S. Navy's Bureau of Weapons
(I think it was called). But you know, that may not prove anything either.
Because what is my primary document that proves I am me? And who is ME
anyway? To establish my identity to the INS, I provided a notarized slip
of paper from my grade school giving my name and date of birth. And my
grade school and high school diploma. I do not remember if I had my
college degree in hand yet (though I had earned it). But the board of
education got that date from my father who told them. He had no documents
to prove it (my birth certificate was destroyed in WW-II by the Nazis).
So, if I were a hyperskeptic, I could not be sure the guy I grew up with
is really my father, nor could I really know my exact age. But the Bureau
of Weapons was satisfied that I (or whoever they thought they
investigated) would not betray their secrets. And how did I get access to
their secrets? I went to where the secrets were kept, told my name to the
person at the desk at the front door, where guards with submachine guns
were standing around, and they asked where my clearance was. I told them
Johnsville, MD., they telephoned someone, and I walked in. They did not
even check my driver's license (no photo ID in those days) to see if I
were who I said I was.
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 08:55:00 up 2 days, 22:14, 3 users, load average: 4.26, 4.24, 4.19