[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] GPG keysigning?

also sprach Philip Hands <phil@hands.com> [2009.06.17.1126 +0200]:
> The reason that I suggest shouting is, that despite that meaning
> that there may be a certain amount of chaos at the start as the
> dodgy keys are flushed out, it will establish a norm of rejecting
> dodgy ID, which should work against the default group-think that
> would be encouraging people not to make a fuss, and so err on the
> side of generosity.

On the subject of a dodgy ID:


and of course


> This would also eliminate people that have fake ID from places
> that most people wouldn't recognise at all -- we're almost bound
> to have a local that will recognise it as fake, and so not sign.
> By adding the denouncement procedure that key will get signed by
> nobody at the key signing, rather then getting signed by quite
> a lot of the people who would have been convinced.

You are putting *way* too much weight and importance into the
government-issued document, and basically none into the identity of
the holder. Seriously: we're supposed to be certifying identities,
not the authenticity of a government document.

The only real improvement I know thus far is small groups around
people with well-connected keys (cf. Edinburgh), and a short (!),
mandatory lecture up front on what keysigning endeavours to achieve,
and where the weaknesses are.

 .''`.   martin f. krafft <madduck@debconf.org>
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
"was aus liebe getan wird,
 geschieht immer jenseits von gut und böse."
                                                 - friedrich nietzsche

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Reply to: