Re: Keysigning Party, et al...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 13 Jun 2000, Bernd Eckenfels wrote:
> That wont work. You can't look on the Disk at the party, so you can't verify
> the data which is given to you. You don't need disks. Just write on a small
> piece of paper your fingerprint, keysize, keyid and Name with email address
> and hand that piece to theppl who want to certify you. They can get your key
> from a key server, check it againast the fingerprint. At the key signing
> party, you just check the name against the passport.
This would work as well. :^)
Maybe I am wrong, but I do not feel the need to verify the key on disk.
A disk with UID/Fingerprint pair(s) written on the label, handed to me
by a person who's ID (DL, Passport, etc) I have seen suffices for me
to believe that the key(s) contained on the disk is indeed theirs.
After all, I recieved not just the Fingerprint/ID info for their key,
but *the_key_itself* from their hand. IMHO, that's 100% surety.
And I am prepared to give another that same surety. :^)
Mayhap it would be easier to just do FP/ID verification the way
you suggested, tho.... ;^> The Key<==>User linkage would be almost
as certain as the other way.
Cheers!
____________________________________________________________________
/ Clay Crouch | <danno@danno.tzo.com> \
| Shameless Bum Emeritus :^) | <http://danno.tzo.com/~danno> |
+----------------------------------+---------------------------------+
| Linux: The choice of a GNU generation. |
+--------------------------------------------------------------------+
| PGP 94781680: 020E 793B 455D 9737 5956 1A3B 0AE8 807A 9478 1680 |
| GPG 7D2AD631: 2319 2356 FEDF 4631 63F3 762A E443 1C2A 7D2A D631 |
\____________________________________________________________________/
-----BEGIN PGP SIGNATURE-----
Comment: Made with pgp4pine
iD8DBQE5RYP85EMcKn0q1jERAvM7AKCG0MJsqaUI+YNfdmp3hCIQu8iGjgCgkQz/
uPD6T697XYtvJUUOH0AUfKM=
=NBQe
-----END PGP SIGNATURE-----
Reply to: