-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indranil Das Gupta wrote: > Hi, > > On Tue, 2005-08-23 at 22:46 +0530, Linux Lover wrote: > > [..] > > >>May I be sure of a person's social identity if somebody to whom I have >>called, replied me that the key belongs to him. It may also happen that >>he made me a fax with his key-ID. It may proves his physical identity >>but should I believe his physical identity to whom I do not know at all? >>How do I judge that this is the right person to whom I can trust? > > > Ahem...actually the entire premise of your argument has absolutely > *nothing* to do with Public Key Infrastructure (PKI) security. PKI > doesn't stop you from being a terrorist, rapist, child molester or a > stock market scam artist who will engineer a Dalal street melt-down. > > FWIW, the Indian IT Act 2000 (which created the legal framework for PKI > in India) does not prevent a known offender (or ex-convict) or for that > matter even a rehabilitated extremist from getting a Digital Certificate > or using secure encryption for *legitimate* digital communication. > > It addresses a totally *different* need than your voiced concern. PKI > only attempts to establish that a person's electronic identity is an > actual mapping to that individual's physical self. > > Think about the process of applying for a new ration card and having to > prove (using accepted proofs and testimonials) that you are who you > claim to be, that has nothing to do with the fact that you might > actually be making a living by selling stolen car parts. ;-) > > Lets take up your argument that you may present me with forged > documents. True! you can! Accepting that I accept your forged > testimonials at their face value and sign your key, what does that > really give you?? Absolutely nothing outside this LUG! > Exactly I want to say the same thing, which you just told. LUG is for fellowship and we learn from this fellowship and particularly from fellows. An ecrypted mail inside a LUG or between two lug members are really different than the encrypted mail which you send to your son with your Internet Bank A/c. ID and password. Do you believe we will start share our personal details if we start a key signing party? I think, I can send you my telephone number in an encrypted mail which will not be available to others, it is the maximum limit of us. So, why it is required to check or verify those documents inside a LUG?
> For example your key (bearing my signature) wouldn't be acceptable in an > G2C electronic transaction with Govt of India. You would need to get a > Digital Certificate from a CA recognised by Govt of India (e.g. Sify's > SafeScrypt CA service). They would validate your documents against > regional passport office, your local Motor Vehicles' Dept or even from > Election Commission Database or even with the Income Tax Dept. > > See this http://www.cca.gov.in/ > This is the difference between LUG mails with Govt. of India mails. They need the document and they also have the power to take necessary action if they find forged documents from somebody. They will not only cancell the member by striking off his name from their computer database, rather they also start legal action against him. They have the power. We also seek this service from our Government to whom we need to provide our confidential data. Hope it is now clear why I am not in support of imposing a lot of stricture in the process among our LUG friends. regards Anindya Banerjee > hth, > -indra > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDC+orQsgTNm4Jvc4RAmqrAJ47ec6VwRgwl3uTnDw6B4J/fOMmNwCg15pj TyWCHidirmhSIBQOj5nQbNU= =AtQ/ -----END PGP SIGNATURE----- -- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
