Re: GPG and Signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/01/07 17:24, John Hasler wrote:
> I wrote:
>> Again I have to ask, what is "identity"? That is not a flippant
>> question. Think about it.
>
> Ron Johnson writes:
>> In the metaphysical sense or the practical sense?
>
> Practical, but not "commonsense".
>
> Does your bank need to know "who you really are" in order to safely let you
> withdraw money from your account, or do they just need to know that you are
> the person who opened the account? (Ignoring government regulations for
> the moment.)
An ATM machine's threshold of "trust in identity" is account number
and PIN. Meat sack tellers (who don't recognize you) want to verify
your signature with a Government Issued ID Card.
Yes, it could be a forgery, and someone could have stolen your
wallet and forced you to fess up your PIN, but that's all the bank,
super market, etc, etc can go on.
Just as with the GPG Web Of Trust, meatspace relies on a web of
trust. In "modern" societies it radiates from the government, and
in "other" societies (including our own, in previous times), it is
based on, well, traditional means: face-to-face conversation,
letters of introduction, etc, etc.
But, even then, a ner-do-well could waylay the person carrying the
letter of introduction and steal his identity. Or, at least he
could in stories...
> Does Debian need to know "who I really am" to safely let me upload
> packages, or do they just need to know that I am the same John Hasler who
> has been uploading packages for the last nine years and who exchanged key
> signatures with a couple of DDs at the IETF meeting in Minneapolis in 1998?
All they care about is the GPG web of trust.
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGED0BS9HxQb37XmcRAuL5AKDWMIZeyEH/6DB31/O9jnz+9aGLTwCgmzhe
o6rTMXrinXa0AeYpgBGaChM=
=D5NA
-----END PGP SIGNATURE-----
Reply to: