From: “Joshua E. Hill” <jehill@w6bhz.calpoly.edu>
To: tcmay@got.net
Message Hash: 9f0831099d47bc8e6e603845e634018d343f1f6b5b65212838482ea9ab843c54
Message ID: <199706120709.AAA05445@hyperion.boxes.org>
Reply To: <v03102802afc52bfb5491@[207.167.93.63]>
UTC Datetime: 1997-06-12 07:15:21 UTC
Raw Date: Thu, 12 Jun 1997 15:15:21 +0800
From: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Date: Thu, 12 Jun 1997 15:15:21 +0800
To: tcmay@got.net
Subject: Re: Photo ID is not needed for key signings....
In-Reply-To: <v03102802afc52bfb5491@[207.167.93.63]>
Message-ID: <199706120709.AAA05445@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain
Tim May said:
> "Sigh." Why do people persist in thinking that a photo ID is useful for PGP
> keysignings?
Because _these_ people _are_ binding true names to keys. That's what
_this_ is about.
These people are saying "I know of sufficient proof that this
person is who they say they are". You can do this with a person
you know without the aid of photo id, even if the "true name" isn't
in the key. Alternatively, (as is the case here) you can verify the
identify of unknown people with sufficient photo id.
And so each person becomes their own Verisign...
That sounds a lot like the web of trust... each person assigns a
certain amount of trust to others... If I believe that Joe makes
absolutely certain that any key he signs is valid then I assign him
a high trust. If Joe chooses to sign somebody's key because he saw
five forms of ID and did a credit check, spiffy. If Joe signs a
key because it happens to be his brother, even better. But the point
is that I trust Joe.
How people choose to verify other's identity is somewhat irreverent.
More important, I think, is the question of who to trust. So Tim,
if you think that photo ID is a poor method of verifying someone's
identity, doesn't sign a key on that alone. Also make sure that the
people you assign trust to have the same ideas about photo id.
For others who don't share your thoughts on this matter, they can feel
free to trust photo ID. And still others can trust them (thus trusting
photo ID by proxy)... But that's what the web of trust is about. Each
person can trust different things (and people)... I think that's what
makes the web of trust so flexible. Each person is free to choose who
and what they trust.
Josh
-----------------------------Joshua E. Hill-----------------------------
| You never find a lost article until you replace it. |
------------------------jehill@w6bhz.calpoly.edu------------------------
Return to June 1997
Return to ““William H. Geiger III” <whgiii@amaranth.com>”