On Sat, Nov 08, 2003 at 04:42:47PM NZDT, Volker Kuhlmann wrote:
> > I'd also just like to suggest that if people are really going to expect other
> > members to sign crypto keys for them, that we all bring some sort of
> > (semi)-official identity document to the meeting.
>
> How far do you want to go? Do you want to accept driver's licenses or
> require passports? Anything without photo or not issued by the
> government should be out.

Any official ID should do. I've got Canadian and NZ driver's licenses,
but I also have a current passport handy. However, not everyone does
have a current passport, and I don't think it's safe to assume that
everyone has a driver's licence. I'm satisfied with any gov't issued
photo id.

> How do you want to do the signing - if right
> there, will there be a safe computer available? Does "safe" mean
> freshly installed without network connection from known good media
> (e.g. vendor-supplied)? Do you plan on giving people a chance to create
> their keys after the talk, and then have them signed? How much entropy
> is there in a box idling in a corner which is used to generate a bunch
> of keys in a short timeframe? I don't think it's that trivial to do,
> and not doing it properly risks compromising the purpose.

Signing isn't done at the meeting. All you need to do is verify the
identification and take a copy of the key fingerprint. On your own
time, at your own machine, retrieve the key from the keyserver (or they
may have emailed you the key) and read the fingerprint from the key. If
they match, you have a winner and you can sign the key. If they don't
match, you might want to get in touch with the other person and let
them know.

For ease of fingerprint checking, it's worthwhile to print out a bunch
of little slips of paper with your fingerprint on it. That helps
prevent transcription errors. (I'm sure there's a little dyslexia
everywhere, and long strings of hex digits are quite susceptible to
it.)

Greg
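The fingerprint comparison described in the message above, as an added example that is not part of the original post: it derives an OpenPGP version 4 fingerprint from a public-key packet body (RFC 4880 section 12.2) and compares it with the text copied from a paper slip, tolerating spacing and case. The function names are hypothetical, the key is assumed to be a v4 key, and the sample key bytes are constructed rather than a real key.

```python
import hashlib
import hmac
import struct

def mpi(value: int) -> bytes:
    """Encode an OpenPGP multiprecision integer: 2-byte bit count, then the bytes."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")

# Constructed sample: the body of a v4 RSA public-key packet (not a real key).
SAMPLE_BODY = (
    b"\x04"                             # packet version 4
    + struct.pack(">I", 1068262967)     # creation time (constructed)
    + b"\x01"                           # public-key algorithm 1 = RSA
    + mpi(int.from_bytes(b"\xc3" + bytes(range(1, 128)), "big"))  # modulus (constructed)
    + mpi(65537)                        # public exponent
)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte big-endian body length, then the body."""
    if body[:1] != b"\x04":
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def normalize(text: str) -> str:
    """Drop whitespace and colons, upper-case, and insist on exactly 40 hex digits."""
    cleaned = "".join(text.split()).replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("a v4 fingerprint is exactly 40 hex digits")
    return cleaned

def as_printed(fpr: str) -> str:
    """Group a fingerprint in blocks of four digits, as it would appear on a slip."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def safe_to_sign(slip_text: str, retrieved_body: bytes) -> bool:
    """True only if the slip's fingerprint matches the key fetched afterwards."""
    return hmac.compare_digest(normalize(slip_text), v4_fingerprint(retrieved_body))

if __name__ == "__main__":
    slip = as_printed(v4_fingerprint(SAMPLE_BODY))
    print(slip, safe_to_sign(slip, SAMPLE_BODY))
```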
