[FOSDEM] Fake passport at FOSDEM 2016 keysigning?

Daniel Pocock daniel at pocock.pro
Tue Feb 2 10:32:14 CET 2016



A few observations on this:

- at the end of a conference in the US a few years ago, I offered to
sign somebody's key.  They showed me a non-US passport that was only
valid for a few more days and I asked them if many people had noticed
this already and I was told that I was the first.  It left me wondering
how many people really check for expired documents.  The probability
that an expired document is lost or stolen is much higher, amongst other
things, people often don't notice if their old expired passport is
missing and fraudsters keep trying to use documents after they expire
because they have no way to renew them legitimately.

- don't blame the user, blame the training.  Can more be done to train
people, or is this very exercise the best training?

- don't blame the user, blame the system.  If people feel they are
presented with a false document, does PGP provide any way to assert
that?  Or does it only provide for positive assertions of identity?





More information about the FOSDEM mailing list