Re: Keysigning without physically meeting ... thoughts?
Jacob S <stormspotter <at> 6Texans.net>
2005-06-01 02:48:11 GMT
On Tue, 31 May 2005 14:13:54 -0600
"Wesley J. Landaker" <wjl <at> icecavern.net> wrote:
> On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> > On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > > I wrote this up to someone. I thought I'd share it, and get your
> > > thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't*
> > > present in the typical meet, check ID, get GPG fingerprint,
> > > assuming #4 is always used afterwards?)
> > Falsifying a government-issued ID is a criminal offence, regardless
> > of how often it happens (using it to buy alcohol is not important;
> > they simply raise the minimum age to compensate, so there's no need
> > to enforce it there). Falsifying a random photograph is not illegal
> > at all, and there is no reason why somebody wouldn't do it. Nothing
> > here has verified their identity with any strength to speak of. A
> > person who wants to generate an identity can do so with minimal
> > effort and no repercussions - so why wouldn't they?
> Right, but they have to get it notarized (or forge a notary's seal,
> which is a criminal offense, at least in the US) which requires
> government ID (again, at least in the US).
> Regardless, how is this different from meeting someone in person? They
> can just show me their fake ID--I won't know it's fake. (And, as you
> said, forged ID happens a lot and is easily available. =)
So why bother with steps 1 & 2 when 3 is the only one that carries any
weight? Maybe there is a good reason that I do not know of, but I can
not think of any. I am genuinely curious, though.