On Tuesday, Mar 25, 2003, at 00:36 US/Eastern, Ian Grigg wrote:

On Tuesday 25 March 2003 00:22, Jeroen van Gelderen wrote:
On Monday, Mar 24, 2003, at 22:32 US/Eastern, bear wrote:
On Mon, 24 Mar 2003, Jeroen C. van Gelderen wrote:

It's rather efficient if you want to sign a large number of keys of
people you mostly do not know personally.

Right, but remember that knowing people personally was supposed to be part of the point of vouching for their identity to others.

Not that I heard of. I always understood that I should be 'convinced' of the identity and willing to state that to others.

Well, that's a surprise to me! My understanding of the PGPid signature was that the semantics were loose, deliberately undefined. And, within that limitation, it came down to "I met this guy, he called himself Micky Mouse."

I don't think that is a contradiction. This is just your personal requirements for being 'convinced'.

I've only been to one key signing event, and no
identity was flashed around that I recall.

So, do we have two completely disjoint communities
here?  One group that avoids "photo id" and another
that requires it?  Or is one group or the other so
small that nobody really noticed?

Nah. I think the photo-id case just makes large key-signing parties easier (or possible).

I suspect that for a large group of people (excluding you(?)) the following statement holds:

"When I see a new person for 30 seconds she cannot 'convince' me of her identity. If a passport is flashed in my face in those 30 seconds I actually am quite certain of it."

So there you have it: the difference between being able to sign in 30 seconds, or not. A practical -if not optimal- way to grow the WoT. This does *not* mean photo-id is a pre-condition for signing someone's key. It does *not* mean you should sign a key if you are shown a photo-id. It just *might* make it possible to sign a key where otherwise no certification would be possible.

Yes. But PGP doesn't mandate either interpretation. That is what you
use your trust knobs for: you decide on a per-user basis how
trustworthy an identity certification from that user is. The redundancy
of a well-connected WoT then helps you a bit in eliminating simple

Um. So, there are people out there that I am convinced are who they say they are. They happen to be nyms, but I know that, and they are consistent nyms. Can I sign their key with the highest level?

Why not? It is *your* definition of 'convinced'. Other people will use their trust knobs to translate your judgement to their reliance on said judgement.

Jeroen C. van Gelderen - [EMAIL PROTECTED]

Western Corporations That Supplied Iraq's Weapons Program:

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to