[FOSDEM] Keysigning party / trusting government-issued ID?
daniel at pocock.pro
Fri Jan 6 11:08:17 CET 2017
On 05/01/17 21:31, Johan van Selst wrote:
> Hi Daniel,
> Daniel Pocock wrote:
>> Will people be trusting Government-issued ID documents at the
>> keysigning party this year? What are the alternatives? Would
>> anybody be interested in expanding the information about this
>> topic on the page about FOSDEM keysigning?
> I expect that people this year will not be trusting passports that
> have printed "SPECIMEN" on them...
> But a PGP keysigning does not aim to prevent signing keys from
> government spy agencies who offer genuine passports that have been
> issued to fake names. I doubt that many spies with such documents
> will be standing in line for a couple of PGP signatures though.
> Every keysigning participant is free to choose which documents
> they accept as proof of identity and which keys they will or will
> not sign. When you are unsure about somebody's proof of identity, I
> would recommend that you do not sign their key. And people who
> don't trust government issued ID documents at all, probably
> shouldn't join the keysigning.
> The organisers strongly recommend that every participant bring at
> least one valid, generally recognised, official government issued
> ID with a good photograph; such as a passport, or EU identity card.
> Bringing multiple documents (e.g. an additional driver's license)
> is even better.
Given that free software doesn't discriminate against any field of
endeavor, there is no reason why an MI6/Mossad/CIA/KGB hitman can't
have his key signed. A bigger issue may arise when people email the
signatures to addresses other than those they are actually signing, that
is when the ID-spoofer can really benefit. Maybe it is more important
to focus on that than the quality of the ID?
More information about the FOSDEM