Hi all,Yes, we do. He claimed in person that he has the private key who's fingerprint you compared (remember? Two Vs? One for correct fingerprint, one for correct person). The process of making sure the fingerprint matches the private key is done automatically by gpg.
Here are some thoughts that've been preying on me wrt how we do keysigning. Comments welcome.
1. What we actually check when we look at someone's ID card/driver's license/
passport/etc, is that he's an Israeli (or other) citizen under that name. But we don't actually check he has access to the private key in question.
After all, everyone knows my pub key ID and fingerprint. This may be a hole hard to exploit, but I still don't like it.They need to forge your ID. Not so hard, I guess. Assuming you trust the ID, this is rather unbreakable.
Knowing your fingerprint will not help me one bit.
Possible solution: create a test text/file on the spot at the keysigning party and require participants to sign it, thus demonstrating they indeed have the private key. The problem with this is that everyone would have to bring a laptop or have access to an utterly trustable machine, so it seems impractical at this point.And doesn't add any layer of security. Can you please show an attack vector?
2. For some reason, noone seems to use the option of adding a photo to their gpg key. (Except for me that is :-) Why is that? Photos, printed out along with fingerprints on the list Muli handed out today, would make paper ID-And put even more personal data easilly available to everyone on the net??? No thanks. Having to put email is bad enough.
based authentication much more reasonable and a solution to (1) far less necessary. Especially since we all know what photos in ID cards are like. Photos in GPG keys can be more easily kept uptodate and similar to our actual appearences. (At least for people with digital cameras...)
3. And finally the biggest problem: people, use your keys! :-) Why do so few people routinely sign their outgoing mail? (Few compared even to how many participants there were in the keysigning party today.)Signing all outgoing messages is about as bad an idea as signing all incoming papers. If you get a signed message from me saying "go ahead with the deal" - what does it mean? Which deal was that? Remeber - with GPG the mail headers, which include the timestamp, are not signed, and can be replayed. No, thanks. I'll sign those messages that I think people need to know are really from me. Everything else can be as it is.
Your key is half-useless if you don't sign everything you do. You can still prove that every signed message comes from you, but you can't prove that some random unsigned message doesn't. Someone can still pretend to be you, or intercept and change your mails.
Don't forget - in Israel, a digital signature is legally binding.
Shachar
-- Shachar Shemesh Open Source integration consultant Home page & resume - http://www.shemesh.biz/
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
