Re: GPG and Signing

To: debian-user@lists.debian.org
Subject: Re: GPG and Signing
From: John Hasler <jhasler@debian.org>
Date: Mon, 02 Apr 2007 20:55:37 -0500
Message-id: <[🔎] 87d52m9q7a.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] 46103D02.9040302@cox.net> (Ron Johnson's message of "Sun, 01 Apr 2007 18:15:14 -0500")
References: <[🔎] 20070401023012.GA8019@localhost> <[🔎] 460F33BA.3090506@cox.net> <[🔎] 20070401112654.5f89ad09@think.homenet> <[🔎] 20070401121106.GD3516@localhost> <[🔎] 20070401122439.GA3786@localhost> <[🔎] 20070401123711.GA4646@localhost> <[🔎] 20070401134247.09de9e9e@abydos.stargate.org.uk> <[🔎] 20070401133519.GA6182@localhost> <[🔎] 20070401145951.464a5cd8@abydos.stargate.org.uk> <[🔎] 87fy7kf84c.fsf@toncho.dhh.gt.org> <[🔎] 20070401162934.6baa904c@abydos.stargate.org.uk> <[🔎] 460FD5B3.6030804@cox.net> <[🔎] 87y7lcdlxt.fsf@toncho.dhh.gt.org> <[🔎] 46102160.5010800@cox.net> <[🔎] 878xdbens6.fsf@toncho.dhh.gt.org> <[🔎] 46103D02.9040302@cox.net>

Ron Johnson writes:
> An ATM machine's threshold of "trust in identity" is account number and
> PIN.

That is authentication, not identification.

> Meat sack tellers (who don't recognize you) want to verify your signature
> with a Government Issued ID Card.

A mistake.  The teller should authenticate (_authenticate_, not identify)
you with a secret shared by only you and the bank.

> Just as with the GPG Web Of Trust, meatspace relies on a web of trust.

An easily subverted ad-hoc one.

> All they care about is the GPG web of trust.

Debian cares that I am the same person who was authorized to upload
packages in 1998.  They don't care if I am the person who files tax returns
using the name John Hasler and a particular SSN.  They are not interested
in where I was born.  Only governments and identity thieves are interested
in complete life histories.
-- 
John Hasler

Reply to:

References:
- GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GPG and Signing
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Florian Kulzer <florian.kulzer@icfo.es>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>

Prev by Date: Re: Noobe XDM questions
Next by Date: Re: test message
Previous by thread: Re: GPG and Signing
Next by thread: Re: GPG and Signing
Index(es):
- Date
- Thread