On Tuesday 25 March 2003 00:22, Jeroen van Gelderen wrote:
> On Monday, Mar 24, 2003, at 22:32 US/Eastern, bear wrote:
> > On Mon, 24 Mar 2003, Jeroen C. van Gelderen wrote:
> >
> >> It's rather efficient if you want to sign a large number of keys of
> >> people you mostly do not know personally.
> >
> > Right, but remember that knowing people personally was supposed
> > to be part of the point of vouching for their identity to others.
> Not that I heard of. I always understood that I should be 'convinced' 
> of the identity and willing to state that to others.

Well, that's a surprise to me!  My understanding
of the PGPid  signature was that the semantics
were loose, deliberately undefined.  And, within
that limitation, it came down to "I met this guy,
he called himself Micky Mouse."

I've only been to one key signing event, and no
identity was flashed around that I recall.

So, do we have two completely disjoint communities
here?  One group that avoids "photo id" and another
that requires it?  Or is one group or the other so
small that nobody really noticed?

I'm curious, is all!

> Yes. But PGP doesn't mandate either interpretation. That is what you 
> use your trust knobs for: you decide on a per-user basis how 
> trustworthy an identity certification from that user is. The redundancy 
> of a well-connected WoT then helps you a bit in eliminating simple 
> errors.

Um.  So, there are people out there that I am convinced
are who they say they are.  They happen to be nyms,
but I know that, and they are consistent nyms.  Can I
sign their key with the highest level?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to