[FOSDEM] Keysigning party / trusting government-issued ID?
Daniel Pocock
daniel at pocock.pro
Fri Jan 6 11:08:17 CET 2017
On 05/01/17 21:31, Johan van Selst wrote:
> Hi Daniel,
>
> Daniel Pocock wrote:
>> Will people be trusting Government-issued ID documents at the
>> keysigning party this year? What are the alternatives? Would
>> anybody be interested in expanding the information about this
>> topic on the page[1] about FOSDEM keysigning?
>
> I expect that people this year will not be trusting passports that
> have printed "SPECIMEN" on them...
>
> But a PGP keysigning does not aim to prevent signing keys from
> government spy agencies who offer genuine passports that have been
> issued to fake names. I doubt that many spies with such documents
> will be standing in line for a couple of PGP signatures though.
>
> Every keysigning participant is free to choose which documents
> they accept as proof of identity and which keys they will or will
> not sign. When you are unsure about somebody's proof of identity, I
> would recommend that you do not sign their key. And people who
> don't trust government issued ID documents at all, probably
> shouldn't join the keysigning.
>
> The organisers strongly recommend that every participant bring at
> least one valid, generally recognised, official government issued
> ID with a good photograph; such as a passport, or EU identity card.
> Bringing multiple documents (e.g. an additional driver's license)
> is even better.
>
Given that free software doesn't discriminate against any field of
endeavor, there is no reason why an MI6/Mossad/CIA/KGB hitman can't
have his key signed. A bigger issue may arise when people email the
signatures to addresses other than those they are actually signing, that
is when the ID-spoofer can really benefit. Maybe it is more important
to focus on that than the quality of the ID?
Regards,
Daniel
The content of all messages is the sole responsibility of the author.
More information about the FOSDEM
mailing list