1993-11-15 - Re: True Name keys

Header Data

From: J. Michael Diehl <mdiehl@triton.unm.edu>
To: cman@IO.COM (Douglas Barnes)
Message Hash: 2ca2abfa0dab9ea13f48e0ac9dbe81e9417ba65d8573048256993ab4ff72bcb7
Message ID: <9311150706.AA03132@triton.unm.edu>
Reply To: <9311150654.AA11738@illuminati.IO.COM>
UTC Datetime: 1993-11-15 07:10:19 UTC
Raw Date: Sun, 14 Nov 93 23:10:19 PST

Raw message

From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Sun, 14 Nov 93 23:10:19 PST
To: cman@IO.COM (Douglas Barnes)
Subject: Re: True Name keys
In-Reply-To: <9311150654.AA11738@illuminati.IO.COM>
Message-ID: <9311150706.AA03132@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


According to Douglas Barnes:
> 
> 
> You mention that you feel there is a conflict of interest if you
> were to charge money to sign keys.
> Actually, by charging money, I think you would greatly enhance
> the weight that people gave to your certification, and by leading
> out with a fee/service arrangement, you would be able to avoid
> the kind of overload that, say, Julf has run into with penet.

These are very good points.  After I get this whole thing put together, I may
have an introductory special.... ;^)

> If you were to get enough business, you could then just farm the
> whole thing out to a local notary/clerk type who would probably
> have more experience with identity documents, the work of other
> notaries, etc. 

And you would be force to trust him, also...and anyone else I may farm this out
to.  Not this kid. ;^)

> Another thought: offer various levels of certification, based
> on the level of documentation. E.g., one level for xeroxes of
> id documents (you may just want to rule this out), another level 
> for notarized copy of driver's licence, another for notarized
> copy of d.l. and birth certificate, etc. etc.

I was thinking of issuing a signed certificate to the customer indicating 
exactly why I signed his key.  This could be presented to other people who 
question my signature.  As per my policy, which can be gotten via finger, I will
sign a key iff any of the following is true:

1. I watched him generate his key.
2. I know the person by sight, and can verify his key.
3. He proves, with picture id, in person, that the public key is his.
4. He sends me a photocopy of his picture id and a signed statement   
     containing the pgp footprint of his key.
5. His key is signed by someone whom I trust to sign keys.

Note that #5 implies that the other signer has the same policy.  My policy will
be stated in my certificate.  Comments?


J. Michael Diehl   ;^)  |*The 2nd Amendment is there in case the 
mdiehl@triton.unm.edu   | Government forgets about the 1st!  <RL>
Mike.Diehl@f29.n301.z1  |*God is a good Physicist, and an even 
    .fidonet.org        | better Mathematician.  <Me>
al945@cwns9.ins.cwru.edu|*I'm just looking for the opportunity to 
 (505) 299-2282 (voice) | be Politically Incorrect! <Me>
Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. 




Thread