"der.hans" wrote:
>
> Am 25. Sep, 2002 schwätzte Randy Kaelber so:
>
> > Lather, rinse, repeat. This is why key signing parties are good (bring
> > along a photo ID!). Everyone there can sign everyone's keys, and when
>
> No. Voltage Spike already hit on this problem. Photo IDs only verify who the
> gov't thinks you are ( presuming it's not a forged document ). I don't care
> who the gov't thinks you are. Totally irrelevant. I want to verify that
> whoever you are, the mail I'm getting that claims to be from you really is
> from you.
Well, if you chase this path down to reductio ad absurdum, I have no
way to verify anyone is anyone they claim to be. Continue further down
this path and you run smack into the disciplines of philosophy and
epistemology (and is anybody here in the mood for debates on the merits
of solipsism?).
I only sign keys for personal friends and people I've dealt with for
relatively long periods of time (a year at least). Accepting a key for
use is not the same as signing it. However, at a key signing party, if
I just meet you and sign a key because I meet you face to face, I might
just as well download every key from a key server and sign them all.
I've got to have standards. I suppose I'd be willing to conduct
complete background checks on people before signing their keys, but then
I'd have to charge several hundred dollars for the privilege and change
my name to VeriSign. :-)
Here's the cool thing: If you don't like my signing rules, you don't
HAVE to trust my signature. It's easy as that.
--
Randy Kaelber
Randy.Kaelber@asu.edu
Software Engineer
Mars Space Flight Facility, Department of Geological Sciences
Arizona State University, Tempe, Arizona, USA
"Anarchy is the sure consequence of tyranny; for no power that is not
limited by laws can ever be protected by them." - Milton