Hi all, Here are some thoughts that've been preying on me wrt how we do keysigning. Comments welcome.
1. What we actually check when we look at someone's ID card/driver's license/ passport/etc, is that he's an Israeli (or other) citizen under that name. But we don't actually check he has access to the private key in question. After all, everyone knows my pub key ID and fingerprint. This may be a hole hard to exploit, but I still don't like it. Possible solution: create a test text/file on the spot at the keysigning party and require participants to sign it, thus demonstrating they indeed have the private key. The problem with this is that everyone would have to bring a laptop or have access to an utterly trustable machine, so it seems impractical at this point. If and when we get keypair-based digital IDs instead of paper ones, there should also be commodity carryable devices used to sign with those keys, so this poblem will be solved. Any other solutions meanwhile? 2. For some reason, noone seems to use the option of adding a photo to their gpg key. (Except for me that is :-) Why is that? Photos, printed out along with fingerprints on the list Muli handed out today, would make paper ID- based authentication much more reasonable and a solution to (1) far less necessary. Especially since we all know what photos in ID cards are like. Photos in GPG keys can be more easily kept uptodate and similar to our actual appearences. (At least for people with digital cameras...) 3. And finally the biggest problem: people, use your keys! :-) Why do so few people routinely sign their outgoing mail? (Few compared even to how many participants there were in the keysigning party today.) Your key is half-useless if you don't sign everything you do. You can still prove that every signed message comes from you, but you can't prove that some random unsigned message doesn't. Someone can still pretend to be you, or intercept and change your mails. Also, when some forum (m/l or whatever) reaches a certain percentage of signed posts, many people begin filtering out all non-signed posts. (This happened on the frost boards in Freenet.) Your unsigned message (fex to a m/l you're not subscribed to, where you don't know the rules) might get ignored in this way. -- Dan Armak Matan, Israel Public GPG key: http://dev.gentoo.org/~danarmak/danarmak-gpg-public.key Fingerprint: DD70 DBF9 E3D4 6CB9 2FDD 0069 508D 9143 8D5F 8951
pgp00000.pgp
Description: signature
