Hi, at this point this is just an academic musing, but I though this could come handy for some people. There's a guy in Costa Rica whom I've known for about 5 or 6 years. Since I moved to Germany in late 1999, I haven't met him in real life since then, but we keep in contact. Recently he told me he's interested in becoming a developer and I explained him the issue of identification. If he really becomes a developer, I don't think there would be a problem with getting his _unsigned_ key in the key ring since mine got into the keyring under the same conditions. Then I remembered the old PGP documentation contained something like a over the phone identification protocol which I can't find again. Basically I can identify this person if I see a picture of him, and I can recognize his voice over the phone. Even further, there's information which is shared by the two of us and which isn't that easy to get by without being one of us. My question is: has anyone a more formal description of a protocol for signing keys under this circumstances? Something akin to Manoj's key signing protocol perhaps? Like I said, at this point this is just an academic musing since he says it will take some time before he feels comfortable submitting his application and perhaps I'll meet him in the meantime. -- Marcelo | Death was Nature's way of telling you to slow down. mmagallo@debian.org | -- (Terry Pratchett, Strata)
Attachment:
pgptDhJ36bluT.pgp
Description: PGP signature