Re: GPG and Signing
Ron Johnson writes:
> An ATM machine's threshold of "trust in identity" is account number and
> PIN.
That is authentication, not identification.
> Meat sack tellers (who don't recognize you) want to verify your signature
> with a Government Issued ID Card.
A mistake. The teller should authenticate (_authenticate_, not identify)
you with a secret shared by only you and the bank.
> Just as with the GPG Web Of Trust, meatspace relies on a web of trust.
An easily subverted ad-hoc one.
> All they care about is the GPG web of trust.
Debian cares that I am the same person who was authorized to upload
packages in 1998. They don't care if I am the person who files tax returns
using the name John Hasler and a particular SSN. They are not interested
in where I was born. Only governments and identity thieves are interested
in complete life histories.
--
John Hasler
Reply to: