On Fri, Feb 29, 2008 at 6:40 PM, Brian Smith <[EMAIL PROTECTED]> wrote:
> > The basic assumption is that a key signing is good and that > > you actually gain something from it. > > That is the assumption that I am challenging. You are not challengging the assumption, you are attacking the implementation :) > > In the US, they are just using credit cards and the ability > > to block money on your account for their own use in stead of > > ID. This is basically an ID with electronic traceability > > (people _know_ you were in X, renting a car. > > And they can look it all up in a central location). > > These are things I want to help change. For some things, you simply need to establish identity. As soon as you leave the 'I have known you since birth and you are tightly knit into my social circle' regions, doing some things, especially ones involving large amounts of money, is simply not feasible. You can challenge that assumption by giving me your car, house & bank accounts. Unless you never go far from your birthplace, or progress very slowly in one direction, you simply need to be able to establish ID. Or you can do the US thing of just taking a pile of [electronic] cash into custody. > There's got to be some mechanism that doesn't require (as much) hope, > and which doesn't require the loss of anonymity, at least for common > uses of PGP like personal email. There are three forms of ID: a) 'This is the same person I have had contact with before.' This can be done via an unsigned key or facial recognition. b) 'This person is known to someone I [have to] trust.' Web of trust, government-issued ID, alias-based eID c) 'I know this person to be X.' You have known them for a very long time, preferably since their birth. As GPG WoT aims to stay in the realm of b), it is, quite literally, impossible to establish anything of use with a). Note that there are schemes that involve GPG and a), but they can not reliably establish identity, only authenticy. > Would better IDs really help? It has got to be hard for a person to say > "I don't trust you or your ID, I'm not going to sign your key." If your full DNA print is being taken at birth, you are implanted with a chip immediately & you are under close, automated surveillance for all your life, this would be the complete solution and 'help', yes. If I had any reasonable doubt as to the validity of someone's ID or if they match the identity on the ID, I would say so, yes. If you are concerned about the social implications, tell them you will sign it and then don't. Chances are that in such a scenario, you will not meet the other person again, anyway. Richard > > > > - Brian > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users