[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: kernelcheck

David Paleino <d.paleino@gmail.com> writes:
> On Sat, 20 Jun 2009 09:04:32 +0100, Matthew Johnson wrote:

>> Also, going back to the note about reputation; There's no reason
>> reputation can't be associated with a pseudonym or with a GPG key
>> attached to a pseudonym.
>
> How do you sign such a key? You'd break the web of trust, if you don't
> check at least one government-issued document having a photo.

The web of trust isn't about governments; it's about signing the keys of
people whose identity you've verified.  Governments are just a
convenient proxy to let us expand the web of trust to people whom no
other DD knows in person.

I would happily sign the key of someone with a pseudonym if I had
personal knowledge that the person who's key I was signing was the same
person who was widely known by that pseudonym on-line.  It would
require, in general, a personal friendship or similar detailed
knowledge, but it's possible.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: