On Sun, Apr 01, 2007 at 10:54:27AM -0500, Ron Johnson wrote: > On 04/01/07 10:29, Brad Rogers wrote: > > On Sun, 01 Apr 2007 10:05:07 -0500 > > John Hasler <jhasler@debian.org> wrote: > > > > Hello John, > > > >> "ID" is a slippery concept. What does it mean to "know who someone > >> is"? > > > > Indeed. However, with some sort of photo ID, such as passport of > > driving license, and knowledge of the relevant key fingerprint, it's > > possible to be fairly sure you're dealing with the person that created > > the public key. So long as the details all match, whether that's their > > "real" ID is moot. > > A couple of years ago there was a very long thread on what it means > to "trust". The bottom line was that you can't perfectly know, and > that all you can do is "your best" at verifying his identity, and > then have faith. > I have a question, and I think it's best to fork the thread from here: Is it a bad practice to verify keyrings of people on the mailing list, or is it better to wait until I meet up with some of them at say Debconf or something similar?
Attachment:
signature.asc
Description: Digital signature