On Mon, 24 Mar 2003, Ian Grigg wrote: > I must be out of touch - since when did > PGP key signing require a photo id?
It does not. It is improper for a key-signing organizer to dictate signing policy to individuals. When I wrote the Efficient Group Key Signing Method paper[1], I specifically omitted identity verification steps, since it is no one's business but the holder of the key (and those who trust that key as an introducer) what information the holder requires before signing. Incidentally, the GnuPG FAQ perpetuates this fallacy, so Doug is probably not to blame for this mistake. There are better ways of determining identity, and one of the benefits of PGP is that we aren't locked in to a strict, rigid model of how trust is to be assigned. Convincing people that [easily forged] government IDs are sufficient to verify identity is a dangerous practice. A better thing to do is to announce in the key-signing notice that individuals may want to bring government ID in the case that someone attending will require it to satisfy his signing policy -- rather than dictating signing policy to your participants. --Len. [1] http://sion.quickie.net/keysigning.txt --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]