[147621] in cryptography@c2.net mail archive
Re: [Cryptography] PGP Key Signing parties
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Fri Oct 11 13:31:17 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 11 Oct 2013 13:24:44 +0200
From: Eugen Leitl <eugen@leitl.org>
To: cryptography@metzdowd.com
In-Reply-To: <DA4DC953-7391-440C-8AA3-454D65E207AB@nerdnet.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote:
> I am going to be interested to hear what the rest of the list says about
> this, because this definitely contradicts what has been presented to me as
> 'standard practice' for PGP use -- verifying identity using government issued
> ID, and completely ignoring personal knowledge.
This obviously ignores the threat model of official fake IDs.
This is not just academic for some users.
Plus, if you're e.g. linking up with known friends in RetroShare
(which implements identities via PGP keys, and degrees of
trust (none/marginal/full) by signatures, and allows you to
tune your co-operative variables (Anonymous routing/discovery/
forums/channels/use a direct source, if available) depending on
the degree of trust.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
