[FOSDEM] Keysigning party / trusting government-issued ID?

Daniel Pocock daniel at pocock.pro
Fri Jan 6 11:08:17 CET 2017



On 05/01/17 21:31, Johan van Selst wrote:
> Hi Daniel,
> 
> Daniel Pocock wrote:
>> Will people be trusting Government-issued ID documents at the
>> keysigning party this year?  What are the alternatives?  Would
>> anybody be interested in expanding the information about this
>> topic on the page[1] about FOSDEM keysigning?
> 
> I expect that people this year will not be trusting passports that 
> have printed "SPECIMEN" on them...
> 
> But a PGP keysigning does not aim to prevent signing keys from 
> government spy agencies who offer genuine passports that have been 
> issued to fake names. I doubt that many spies with such documents
> will be standing in line for a couple of PGP signatures though.
> 
> Every keysigning participant is free to choose which documents
> they accept as proof of identity and which keys they will or will
> not sign. When you are unsure about somebody's proof of identity, I
> would recommend that you do not sign their key. And people who
> don't trust government issued ID documents at all, probably
> shouldn't join the keysigning.
> 
> The organisers strongly recommend that every participant bring at
> least one valid, generally recognised, official government issued
> ID with a good photograph; such as a passport, or EU identity card.
> Bringing multiple documents (e.g. an additional driver's license)
> is even better.
> 

Given that free software doesn't discriminate against any field of
endeavor, there is no reason why an MI6/Mossad/CIA/KGB hitman can't
have his key signed.  A bigger issue may arise when people email the
signatures to addresses other than those they are actually signing, that
is when the ID-spoofer can really benefit.  Maybe it is more important
to focus on that than the quality of the ID?

Regards,

Daniel


More information about the FOSDEM mailing list