On Tue, May 30, 2006 at 01:57:18PM -0700, Paul Johnson wrote:
> On Tuesday 30 May 2006 13:02, Adam Borowski wrote:
> > On Tue, May 30, 2006 at 12:20:14PM -0700, Paul Johnson wrote:
> > > Even the guy at 7-Eleven has the big book of North American ID cards with
> > > pictures and descriptions of what makes a real one for when they
> > > encounter an ID that they've never seen before.
> >
> > How can you check if an ID card is real based only on what is written
> > on the card, even if it has all the hallmarks mentioned in that book?
>
> If you don't trust the ID, you don't sign the key.  But having the book to be
> able to get a bad feeling about the ID from sure beats the apparent current
> system of "Sign the key and hope the ID is for real."

What I mean is, it makes no sense to believe that IDs provide any real
security.  I would rather trust some common sense.  A brief Google search on
the person's name where you look at page 6 and pick something that the person
whose key you're signing should know.

For example, my name is pretty popular, but it's still pretty easy to pick a
reference to me.  Taking a few random links yields:
* an ELinks patch for a bug with xterm detection
  => ask me what was wrong
* a translation of a task from the Polish Olympiad in Informatics, the task
  was authored by me
  => ask me to briefly describe a solution for the task
* a Usenet-to-webforum mirror of r.g.r.nethack with a post about "termrec",
  my enhanced implementation of ttyrec
  => you can assume that the upstream of a piece of software will know its
  inner workings pretty well

Generally, you can learn a few things about the person you're trying to
impersonate, but there is no way you can know everything.  And the real
person can describe things in detail...

Thus, given:
A) someone with a government-issued ID, or
B) someone with a random card that bears a photo: a chess club card, a
   Transnational Republic passport, etc.
I see hardly any difference between person A and B.  I would trust common
sense, not any passport.

> > See, if you visit a bazaar, I bet a helpful guy with a Russian accent
> > can sell you a perfectly valid passport for less than $50.
> > [...]
> > That's about what checking government-issued IDs is worth.
>
> Perhaps in that part of the world, yes.

Yes, you're right.  In the US, the ID may set me back perhaps even $100 or
more.  And the point is...?

Cheers and schtuff,
-- 
1KB    // Microsoft corollary to Hanlon's razor:
       //   Never attribute to stupidity what can be
       //   adequately explained by malice.