[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Signing keys of people far away


 at this point this is just an academic musing, but I though this could
 come handy for some people.

 There's a guy in Costa Rica whom I've known for about 5 or 6 years.
 Since I moved to Germany in late 1999, I haven't met him in real life
 since then, but we keep in contact.  Recently he told me he's
 interested in becoming a developer and I explained him the issue of
 identification.  If he really becomes a developer, I don't think there
 would be a problem with getting his _unsigned_ key in the key ring
 since mine got into the keyring under the same conditions.

 Then I remembered the old PGP documentation contained something like a
 over the phone identification protocol which I can't find again.
 Basically I can identify this person if I see a picture of him, and I
 can recognize his voice over the phone.  Even further, there's
 information which is shared by the two of us and which isn't that easy
 to get by without being one of us.  My question is: has anyone a more
 formal description of a protocol for signing keys under this
 circumstances?  Something akin to Manoj's key signing protocol perhaps?

 Like I said, at this point this is just an academic musing since he
 says it will take some time before he feels comfortable submitting his
 application and perhaps I'll meet him in the meantime.

Marcelo             | Death was Nature's way of telling you to slow down.
mmagallo@debian.org |         -- (Terry Pratchett, Strata)

Attachment: pgptDhJ36bluT.pgp
Description: PGP signature

Reply to: