From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 22:51:07 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <v02120d5fad2b9e99eb08@[192.0.2.1]>
Message-ID: <199601241431.JAA13316@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> At 16:40 1/23/96, Perry E. Metzger wrote:
> 
> >Each person gets a sheet. Either each person in the room reads their
> >fingerprint in turn from their own copy, with each person in the room
> >checking the read fingerprint against the fingerprint on the handout,
> >or an appointed reader (or set of readers at the last IETF) read the
> >fingerprints in turn and ask the owner of the key to then simply say
> >"yes" or "its mine" or whatever to verify that the fingerprint matches
> >their own copy of the print.
> 
> How do they verify that the person confirming the fingerprint is indeed the
> person supposedly owning the key?

Thats up to the people signing. In most cases in that sort of
environment, you know about 30% of the people in the room, and you
sign their keys (and no one elses, which is reasonable).

In other environments, people could go about afterwards and examine ID
or whatever it would be that they would want to do.

.pm