Hi folks, I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)
On Tuesday 31 May 2005 08:44, Wesley J. Landaker wrote: > For instance, I don't know if this is officially acceptable or not, but I > would probably be willing to sign someone's key even if I hadn't met them > in person, if I got in the mail: > > 1) A picture of them holding a recent newspaper with their GPG > fingerprint and signature written on it. (This would relate the person's > face & signature with their GPG key, and verify that it's recent). > > 2) A copy of an acceptable (probably government-issued, non-expired) > picture ID. (This would relate the person's face with their "government" > identity). > > 3) A signed, dated, and notarized statement saying something to the > effect of "My name is ______, my active e-mail that I control is > [EMAIL PROTECTED], and the GPG fingerprint of my active key that I > control and is not compromised is ______________________. Attached to > this statement is a picture of me with a newspaper dated _______ with the > same GPG fingerprint, and a copy of my _______ photo ID, which I have > shown to the undersigned notary. Signed __________, notarized by > ___________." (Relates the date (which should be reasonably close to the > time when the picture in #1 was taken--a few weeks at the most), their > name, e-mail, and GPG fingerprint together by the statement, and the > picture from #1, and with their "government" identity, as that is checked > by the notary). > > 4) I'd sign the key, and send the updated key to the e-mail address > given, signed by the GPG key with the fingerprint given. (Relates the > e-mail address with the GPG key, as if they can't get the e-mail or > decrypt the e-mail to get the signature, it effectively hasn't really > been signed). -- Wesley J. Landaker <[EMAIL PROTECTED]> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
pgpTmKyVwiLKk.pgp
Description: PGP signature