[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keysigning Party, et al...

Hash: SHA1

On Tue, 13 Jun 2000, Bernd Eckenfels wrote:

> That wont work. You can't look on the Disk at the party, so you can't verify
> the data which is given to you. You don't need disks. Just write on a small
> piece of paper your fingerprint, keysize, keyid and Name with email address
> and hand that piece to theppl who want to certify you. They can get your key
> from a key server, check it againast the fingerprint. At the key signing
> party, you just check the name against the passport.

This would work as well. :^)

Maybe I am wrong, but I do not feel the need to verify the key on disk.
A disk with UID/Fingerprint pair(s) written on the label, handed to me
by a person who's ID (DL, Passport, etc) I have seen suffices for me
to believe that the key(s) contained on the disk is indeed theirs.
After all, I recieved not just the Fingerprint/ID info for their key,
but *the_key_itself* from their hand. IMHO, that's 100% surety.

And I am prepared to give another that same surety. :^)

Mayhap it would be easier to just do FP/ID verification the way
you suggested, tho.... ;^> The Key<==>User linkage would be almost
as certain as the other way.

/ Clay Crouch                      | <danno@danno.tzo.com>           \
| Shameless Bum Emeritus :^)       | <http://danno.tzo.com/~danno>   |
|               Linux: The choice of a GNU generation.               |
| PGP 94781680: 020E 793B 455D 9737 5956 1A3B 0AE8 807A 9478 1680    |
| GPG 7D2AD631: 2319 2356 FEDF 4631 63F3 762A E443 1C2A 7D2A D631    |

Comment: Made with pgp4pine


Reply to: