On 9/6/13 4:10 PM, Ted Lemon wrote: > On Sep 6, 2013, at 6:42 PM, Joe Touch <[email protected]> wrote: >> I've noted elsewhere that the current typical key-signing party >> methods are very weak. You should sign only the keys of those who >> you know well enough to claim you can attest to their identity.
> This is a ridiculously high bar. The bar should be about at the > level of a facebook friend request. People's personal policies about Facebook friend requests seem to be all over the map, so I'm not sure what that means in practice. I'm not sure that's a great model in any event, since when you vouch for someone's identity - in an authoritative trust system - you're also vouching for the authenticity of their transactions. Those transactions would also include *them* making attestations about the identity of people you've likely never heard of. Melinda
