How to get your first key signed

Robert J. Hansen rjh at
Thu Oct 1 21:57:36 CEST 2015

(This came just to me, not to the mailing list.  I'm assuming Bob
intended to reply-all and just hit the wrong button.  If I'm in error,
Bob, please forgive me.)

> What would be no use, and possibly harmful, would be to sign that 
> certificate just because you had seen it a couple of times - unless 
> you've met him and certified in person by some means that he is 
> indeed the owner of that pseudonym you cannot ask other people to 
> accept your opinion as to who he is or might be by signing his key.

This depends on what a certification means.

You have a belief that a certification must, _a priori_, be connected to
a legal identity.  This isn't necessarily true.  Imagine there are
thousands, millions, of self-styled prophets who announce tomorrow's
lottery numbers.  They sign each pronouncement.  One particular lottery
prophet has always been right.  Someone then asks you, "So this lottery
prophet, 0xBADD00D5F00DBAD, is he for-real?"

And you could say, "All I know is, the person who uses that certificate
has always been right so far."

And that would be a certification, and that would be a perfectly
appropriate usage of certification.  If other people want to project
onto your certification that the prophet's name is Maurice Micklewhite,
or whatever -- that's their projection and their folly, not yours.  Your
certification was accurate and appropriate.

> Sorry, I don't believe in gods, ghosts or pseudonyms - none of them 
> exist.

Neither does "Bob Henson".  The collection of bits that represent the
glyphs that make up "Bob Henson" has no more connection to you than the
word "gift" does to a ... well, to something.  In German it's poison, in
English it's a present.  Neither one is right or wrong.  What matters is
whether we can use a pseudonym to identify a figure, not whether that
actually happens to be the person's given name.

Look at how many people have read the teachings of Jesus Christ.  Are
his teachings any different just because his name was actually Isho?

Err -- well -- maybe it was Isho.  Probably.  But it was also probably
Yeshua ben Yosef.  Christ grew up speaking Aramaic in conversation and
Hebrew in the temple.  He had two names: in Aramaic he was Isho, in
Hebrew he was Yeshua, and after his death accidents of transliteration
into Greek turned Yeshua into Iesous, which then turned into Latin as
Iesus, and then when Latin invented the J- letter he became Jesus.  Look
at how many names that guy's had over the years, and during his life *no
two groups could agree on his legal name*.

Look at William Shakespeare.  We've got six of his signatures, and they
all have different spellings of his name:

	* Willm Shakp
	* William Shaksper
	* Wm Shakspe
	* William Shakspere
	* Willm Shakspere
	* William Shakespeare

... and these were all recognized as his legal name.  (All six
signatures are on legal documents.)

Names are tremendously fluid instruments.  Charles Martel, the hero of
France, didn't actually have a last name.  "Martel" is an appellation he
picked up on the battlefield: it means "hammer".  Chuck the Hammer was
so named because of how he beat the Moors at the Battle of Poitiers in
732.  Within a few years, the "pseudonym" of Martel became his very real
last name just by dint of how many Frenchmen would look at you funny if
you suggested his name was something *other* than Martel.

If you think pseudonyms don't exist, well--there are two possibilities I
can see.  If you're saying that "all names are really pseudonymous to
one degree or another, so it doesn't make sense to call some names true
names and some other ones fake", then I agree with you.  If you're
saying that "only true names exist and I insist on calling Jesus 'Isho',
Charles Martel 'Charles', William Shakespeare 'Wm Shakspe', and so on,"
then I think you're quite wrong.  :)

I dunno.  If any observant Jews want to argue with me that the
Tetragrammaton is the original true name and that everything else is
pseudonymous, I think that would be a fascinating theological argument
we should have off-list.  :)

> If there is no fairly fixed procedure and standard for signing

There have been a large number of well-meaning, well-intentioned people
who have wanted there to be one--but there isn't one and never has been.

> Why in all the years of use of PGP/GnuPG have the pundits always 
> advocated and laid down rules for key signing parties and face to 
> face meetings?

Nobody has.  They've laid down *guidelines*.  "We think this is a pretty
good procedure to follow, and here's why.  Ultimately, though, it's up
to you."

Last year I was sitting in the audience at a keysigning event emceed by
Samir Nassar.  Samir was absolutely fastidious about how he did things,
but at the same time, he wasn't walking through the aisles of chairs
making sure that everybody was double-checking two forms of government
ID.  How could he?  Crazy to even suggest it.  He did what he could,
accepted there was a lot he couldn't do, and did his best to keep people
informed of the process and why it was the way it was.  Couldn't ask for
better than that.

> If I am obliged (and there you are totally and utterly wrong - I have
> no such obligation) to accord everyone the privilege of being totally
> careless and random about signing keys

It isn't that you're obliged.  It's that *you can't stop them*.

If you want to be King Canute, well--the ocean's that way.  Enjoy the
tides.  As for me, I have learned the wisdom in accepting that some
people will just be foolish and there's nothing I can do to stop them.
The best I can do is to keep my wits about me and learn who acts
foolishly and who acts wisely.  :)

More information about the Gnupg-users mailing list