Signing people with only one form of ID?

Brian Smith brian at briansmith.org
Fri Feb 29 18:40:27 CET 2008


Richard Hartmann wrote:
> > I don't see how a keysigning party works. Anybody that 
> > participates by  showing ID is reducing their personal
> > privacy by divulging their personal information.
> 
> The basic assumption is that a key signing is good and that 
> you actually gain something from it.

That is the assumption that I am challenging.

> In some countries, you simply have to carry it on you, end of 
> story. You might as well enjoy the few benefits.

> In the US, they are just using credit cards and the ability 
> to block money on your account for their own use in stead of 
> ID. This is basically an ID with electronic traceability 
> (people _know_ you were in X, renting a car.
> And they can look it all up in a central location).

These are things I want to help change. 

> > In doing so, I think it will be easy to demonstrate why 
> > the current implementation of the web-of-trust via keysigining
> > is  inadequate, especially [with] such a network of people
> > participate in  keysigning parties to promote the authority of
> > their own (bogus) signatures.
> 
> While living in a perfect world is, of course, perfect (for 
> exactly one person) I would rather try and change what I can
> and until such a point, do the things that I can do to make
> the best of actual reality.
> 
> I just hope those people stay as far away from my personal 
> nodes as possible.

There's got to be some mechanism that doesn't require (as much) hope,
and which doesn't require the loss of anonymity, at least for common
uses of PGP like personal email.

> > I don't know how many I will be able to attend, but I will 
> > attempt to get as many as signatures as I can, alternatively
> > using my birth name and a name of my own choosing (possibly
> > copied from somebody with a coincidentally similar appearance).
> 
> This will give you only identities of people who look like 
> you, which is also possible in the real world. The only thing 
> you are proving is the need for better ID for the sake of 
> 'added security'. Gee, thanks ;)

Would better IDs really help? It has got to be hard for a person to say
"I don't trust you or your ID, I'm not going to sign your key."

- Brian




More information about the Gnupg-users mailing list