Adrian Colomitchi <[email protected]>
writes:

> My question: why is there a need for any other ID that's different
> from the public key?

The entire purpose of a keysigning party is to gather *independent
verification* that the key ID is correctly associated with that person.

This is why we ask for identifiers that are independent of the web of
trust, and why we require the person to assert in our presence that the
key is theirs, and why we prefer identifiers that tend to be easily
verified and issued by well-known bodies to individual persons by a
verifiable process.

It is also why no-one needs to sign any key in the presence of anyone
else. It's entirely up to the signer whether they are satisfied with the
key-holder's identity, and they can wait until after the party to sign
or not.

> I.e.: the "sufficient certification" should actually be "We, the
> signers of this public key, certify this public key belongs to a
> person we trust"?

A keysigning party is designed to make it easier for people who may not
have sufficient people in close proximity who trust merely their word,
to meet many people at the same time and make worthwhile their efforts
to present verification of identity.

> (and, of course, refuse to sign a key for any person they don't actually
> trust, no matter the govt issued ID-es or anything else).

You don't have to trust a person in order to sign their key. You are not
asserting trust; that's entirely your business, and you never need to
disclose it.

Rather, your signature on a key says *only* that you have verified the
person's identity and the person tells you this key is controlled by
them.

> Why would one need to ask something in addition (impose extra
> requirements that don't add much to the "trust relationship"?)

Key signatures are about asserting identity, not about trust. Trust
depends on reliable identity, but is not the same thing.

GnuPG maintains an entirely separate database for trust (specifically,
your level of trust that the key-holder can competently manage their key
and signatures) – and it is entirely private to you.

-- 
 \          “It's dangerous to be right when the government is wrong.” |
  `\                                   —Francois Marie Arouet Voltaire |
_o__)                                                                  |
Ben Finney

_______________________________________________
Free-software-melb mailing list
[email protected]
http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb


Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/