On Sunday, March 02, 2014 17:48:38 Joseph Apuzzo wrote: > Well within reason, if your showing me a just expired picture ID from a > valid licensing authority ( ex. a government or a state ) I agree. > If your showing me a 1967 NYS drivers license and nothing else then I would > have to say no. > > I'm just giving examples, in the past at a key signing I was confronted > with a 1989 drivers license from Georgia, ( pre-picture ID ) not knowing > the person I refused and they got VERY mad and blamed me. So because of > past events I'm trying to set expatiation correctly. Speaking of which for > every 2 people I sign there keys I only get one of the two to reciprocate. > So I'm also hoping that everyone come through since this is a new 4K key > for me.
This is an area that is commonly frustrating. Part of it is a lack of information ahead of time concerning expectations, and part of it is what is normally considered "official identification" in one's country of origin. For instance I haven't had a need for a US Passport for decades, so I don't have a current one; instead in the US we use our driver's license as official identification, but that's /unusual/ internationally. [Likewise until 9/11 Canada accepted a US driver's license when visiting.] So, at DebConf10 I went to have my GPG key signed by Debian Developers, whereby I ran into a lot of resistance from many DD's "I'm not signing a key from someone without seeing their passport" etc, which was never discussed and thus was unanticipated. Also, before the key signing there were badges made up whereby the person's name used for conference registration was compared with the name used on their GPG key; if they matched /exactly/ then a QR code was printed on the badge giving details of their GPG key, and not otherwise. Nowhere was this stated, so if you say made the mistake of simply using your first and last name but not your middle initial in your GPG key name, but it's on your driver's license, then you wouldn't get a QR code and your badge would look different and "less official", inviting additional scrutiny. During the key signing itself one person handed me what looked like a college ID from an Arabic country. She said it was her official ID from the country, but it was so confusing that I couldn't tell what to make of it. I tried to talk to her about it, but we were all in a line such that discussions held up the line, and she wasn't amenable to discussing it. I thus got first-hand experience with what other Debian Developers were frustrated with concerning US drivers licenses, where each state issues a license that can look quite different. Additionally each person seems to have their own "rules" concerning when they'll sign someone's key or how, and you don't find out what these "rules" are until /after/ the key signing. An example of this was one of the DDs that signed my key signed it with an /expiration date/ on the signature. This got pointed out and questions asked, and AFAIK the answer was weird and didn't fully make sense. The bottom line is that GPG key signing events are difficult. Without detailed information on the intended process there are a lot of assumptions, and thus the procedure isn't totally clear -- and I've never yet seen a key signing done the same way twice. I'm likely not going to be able to make it to this key signing. Instead I'm hoping I can sign individual keys later -- so if anybody recognizes me at a meeting later and would like to exchange GPG signatures, please find me and ask. Look for a laptop with a big Debian swirl on the top/back cover -- AFAIK I'm the only one in the group that has that. That, and in the winter time I wear a black ski jacket with yellow/orange/purple stripes. Likewise there are a number of people I'll likely be asking to see if they'd like to exchange GPG signatures. -- Chris -- Chris Knadle [email protected] _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) Vassar College Mar 5 - 11th Anniversary Meeting - Home Network Show and Tell Apr 2 - Nginx: High-Performance HTTP Server, Reverse Proxy, and IMAP/POP3 Proxy Server May 7 - Google App Engine
