Re: Keysigning without physically meeting ... thoughts?
On Sun, Jun 19, 2005 at 03:19:14PM +1000, Brian May wrote:
> Steve == Steve Langasek [EMAIL PROTECTED] writes:
>
> Steve> Many people consider all of options a), b), and c) to be
> Steve> inappropriate, and will instead encrypt each of the uid
> Steve> signatures individually and mail them to the corresponding
> Steve> email address, to verify that you control each address.
>
> I didn't see any key signing HOWTO or FAQ that mentioned this, not even the Debian guide. Do you have a reference?

Well, cf. the behavior of the caff keysigning tool (part of the pgp-tools repo on alioth).

> However, if I was able to intercept email to [EMAIL PROTECTED] (maybe I have exploited a security hole in master.debian.org that hasn't been discovered/fixed yet), this wouldn't help.
>
> Even if you looked up Debian web pages for [EMAIL PROTECTED], you still wouldn't verify that this isn't really my address, as real name is only out by one character. Typo?
>
> My point though is that I could have taken my dodgy key into a keysigning session, and people adhering to many standard keysigning would not notice anything wrong, even if I couldn't intercept the mail.

Well, yes; this is why the additional practices have developed.

> * If I was a new Debian maintainer, I could submit my key to the official Debian keyring, with only the Brian May [EMAIL PROTECTED] key ring, and use this to upload packages. If I deliberately made an upload, say of the PCMCIA packages, which was a Trojan horse, Brian Mays would get the blame, not me.

New key uploads to keyring.debian.org are processed manually. I assume that validity of debian.org uids is one of the checks the keyring maintainer does...

> * If I was able to intercept Brian Mays email, I might be able to trick people into sending encrypted email using my signed and verified key, instead my Brian Mays signed and verified key. That way I can read his encrypted email.

Which is a known limitation of this verification procedure, yes.

> Steve> Certainly, it doesn't mean that they're the same person.
> Steve> Who has asserted that this is the case? Just because there
> Steve> may be more than one person with the same real name using
> Steve> PGP doesn't invalidate the practice of ensuring that the
> Steve> name on a key is the same as the person's real name.
>
> I was under the impression that signing was implemented so you could trust that keyid 00530C24 with the fingerprint 9918 7E12 ABAF 54EA 9C9E 27A5 B828 A71C 0053 0C24 really was the person everyone knows as Brian May.

If you trust the signature, you can trust that the key belongs to *a* person everyone knows as Brian May...

> That way, if you want to send me a secure email, but never have met me in person, but you know a trusted friend (Fred) who has met me in person, and has signed my key, you can still communicate to me securely. After all, I thought this was the whole point of key signing.

Sure. But presumably I'm going to verify your identity by the name *and* email address on your key. Or, I'm going to ask Fred which one you are. :)

> However, it seems that key signing only verifies
>
> * the name on my UID matches my legal name.
> * (optional) that I can read email to the email address in the UID.
>
> For the first part, so what if my legal name is Brian May? Does this have any significance to the open source community?
>
> Maybe the name Brian May matches the name I use on emails, then again, maybe it doesn't. Or maybe somebody else is using that name on emails. There is no way to verify that keyid 00530C24 is the same person who made all of these interesting contributions, and not the person who writes Trojan horses 24 hours a day and also happens to have the same name, unless said contributions are signed by the same key.

To the extent that it is possible at all, the procedure described for verifying that you control the email address on your key demonstrates that you're the same person making contributions under that identity.

> When Fred signs my key, he might think I am the first person, when in fact I might be the latter. Nowhere does it state on my passport that my favorite hobby is writing Trojan horses ;-).

And so, if I know that Fred doesn't have a procedure for verifying email addresses when signing keys, I may not be inclined to fully trust his signatures.

> The only real way to uniquely identify somebody is with the key-id and fingerprint, communicated via secure channel. All this proves is that the person who signed all these emails with the same key is the same person.

Well, if you go to a DebConf, you also have a good chance of directly verifying whether the person signing the mails is the same person who shows up? :)

--
Steve Langasek
postmodern programmer
Re: Keysigning without physically meeting ... thoughts?
On Sun, Jun 19, 2005 at 03:19:14PM +1000, Brian May wrote:
> Steve == Steve Langasek [EMAIL PROTECTED] writes:
>
> > Is this process correct? Or did something go seriously wrong here? If it was correct, why was it correct? If it was wrong, why was it wrong?
>
> For anyone who didn't pick it up; I lied: [EMAIL PROTECTED] isn't my email address.
>
> Steve> Many people consider all of options a), b), and c) to be
> Steve> inappropriate, and will instead encrypt each of the uid
> Steve> signatures individually and mail them to the corresponding
> Steve> email address, to verify that you control each address.
>
> I didn't see any key signing HOWTO or FAQ that mentioned this, not even the Debian guide. Do you have a reference?
>
> However, if I was able to intercept email to [EMAIL PROTECTED] (maybe I have exploited a security hole in master.debian.org that hasn't been discovered/fixed yet), this wouldn't help.

DD's from time to time are MIA, busy, on vacation, etc. Is that not another form of 'security hole'? Would this not allow time for someone to: intercept mail, NMU, etc.

Cheers,
Kev

much snippage

--
counter.li.org #238656 -- goto counter.li.org and be counted!
Re: Keysigning without physically meeting ... thoughts?
Steve == Steve Langasek [EMAIL PROTECTED] writes:

> Is this process correct? Or did something go seriously wrong here? If it was correct, why was it correct? If it was wrong, why was it wrong?

For anyone who didn't pick it up; I lied: [EMAIL PROTECTED] isn't my email address.

Steve> Many people consider all of options a), b), and c) to be
Steve> inappropriate, and will instead encrypt each of the uid
Steve> signatures individually and mail them to the corresponding
Steve> email address, to verify that you control each address.

I didn't see any key signing HOWTO or FAQ that mentioned this, not even the Debian guide. Do you have a reference?

However, if I was able to intercept email to [EMAIL PROTECTED] (maybe I have exploited a security hole in master.debian.org that hasn't been discovered/fixed yet), this wouldn't help.

Even if you looked up Debian web pages for [EMAIL PROTECTED], you still wouldn't verify that this isn't really my address, as real name is only out by one character. Typo?

(Good thing Brian Mays doesn't seem to be watching this thread...)

My point though is that I could have taken my dodgy key into a keysigning session, and people adhering to many standard keysigning would not notice anything wrong, even if I couldn't intercept the mail. This would mean:

* If I was a new Debian maintainer, I could submit my key to the official Debian keyring, with only the Brian May [EMAIL PROTECTED] key ring, and use this to upload packages. If I deliberately made an upload, say of the PCMCIA packages, which was a Trojan horse, Brian Mays would get the blame, not me.

* If I was able to intercept Brian Mays email, I might be able to trick people into sending encrypted email using my signed and verified key, instead my Brian Mays signed and verified key. That way I can read his encrypted email.

* Alternatively (assume Brian Mays wasn't an existing developer), I could intercept his email when he supplies his key to Debian for the first time, and replace it with my own. This key would then be installed in the Debian keyring. To make sure this happens, I could intercept previous emails and change Brian Mays to Brian May and his phone number to my phone number (in case somebody rings up and verifies the keyid).

(disclaimer: I haven't read the current maintainer procedures; this might be harder than stated).

Note: People from time to time do get confused and send me bug reports that should have been sent to Brian Mays, such confusion could work to the benefit of a would-be attacker.

> I can't help but wonder if we have become too obsessed with signing a key to a particular name, that we have lost track of what we are trying to achieve. Just because the name matches (or is almost identical) does not mean it is the same person. Even if this key has hundreds of trusted signatures and the name is identical, it still doesn't mean it must be the same person.

Steve> Certainly, it doesn't mean that they're the same person.
Steve> Who has asserted that this is the case? Just because there
Steve> may be more than one person with the same real name using
Steve> PGP doesn't invalidate the practice of ensuring that the
Steve> name on a key is the same as the person's real name.

I was under the impression that signing was implemented so you could trust that keyid 00530C24 with the fingerprint 9918 7E12 ABAF 54EA 9C9E 27A5 B828 A71C 0053 0C24 really was the person everyone knows as Brian May.

That way, if you want to send me a secure email, but never have met me in person, but you know a trusted friend (Fred) who has met me in person, and has signed my key, you can still communicate to me securely. After all, I thought this was the whole point of key signing.

However, it seems that key signing only verifies

* the name on my UID matches my legal name.
* (optional) that I can read email to the email address in the UID.

For the first part, so what if my legal name is Brian May? Does this have any significance to the open source community?

Maybe the name Brian May matches the name I use on emails, then again, maybe it doesn't. Or maybe somebody else is using that name on emails. There is no way to verify that keyid 00530C24 is the same person who made all of these interesting contributions, and not the person who writes Trojan horses 24 hours a day and also happens to have the same name, unless said contributions are signed by the same key.

When Fred signs my key, he might think I am the first person, when in fact I might be the latter. Nowhere does it state on my passport that my favorite hobby is writing Trojan horses ;-).

The only real way to uniquely identify somebody is with the key-id and fingerprint, communicated via secure channel. All this proves is that the person who signed all these emails with the same key is the same person.

Notes:

For this email, I am assuming:

* security of the private key is not compromised.
* legal
Re: Keysigning without physically meeting ... thoughts?
On Sun, Jun 12, 2005 at 12:10:15AM -0700, Steve Langasek wrote:
> On Sun, Jun 12, 2005 at 07:49:51AM +0100, Andrew Suffield wrote:
> > On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote:
> > > > What are we setting out to achieve?
> > >
> > > - To verify that the person so identified controls a specific email address
> >
> > What does 'control' mean here? Given this:
> >
> > > Many people consider all of options a), b), and c) to be inappropriate, and will instead encrypt each of the uid signatures individually and mail them to the corresponding email address, to verify that you control each address.
> >
> > I presume that you just mean 'is capable of receiving mail sent to the address', but that is anybody at all with an internet connection and a copy of woody, which contains all you need to capture other people's mail. I'm not sure why you're bothering to verify that the person so identified falls into this group.
>
> Yes, and might I say, your personal email is particularly juicy.

The only explanation I can come up with for that being 'juicy' is that your wife has made you sleep outside again.

> Oh -- or did you mean to say anybody at all with an Internet connection, a copy of woody, and *access to one of the networks/hosts in the path of travel of the email*?

No. The path is easily redirected for short periods of time to a host which you do have access to. There's a variety of methods for doing this which are commonly used by the script kiddies and phishers, but for obvious reasons I'm not going to go into details on a public mailing list.

It's been said that email is like a postcard, but really it's more like going to your window and shouting across the valley. Odds are that nobody is listening or would give a damn if they were, but they can easily listen to a given person if they want to.

> > Mail delivery is nothing remotely resembling secure. That's why we need keys in the first place (and all you people waving smtp-tls around, go back and think about how useful that's going to be without signing keys).
>
> This is an argument that there is no such thing as perfect security.

No, it's an observation that there is not even an attempt at security here.

> Verifying that the signee has control over the email address is exactly that -- that's why I didn't say that it was verifying who *owned* the email address. Knowing this may be of limited value, but that doesn't mean it's not worth doing.

What value exactly do you gain by verifying that the signee has an internet connection and a handful of basic tools? I can't think of a reason why you'd go to all this trouble just to verify that. I thought it was obvious from the fact that they use both email and gpg.

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -- |
Re: Keysigning without physically meeting ... thoughts?
On Sun, Jun 12, 2005 at 11:49:29AM +1000, Brian May wrote:
> Can I please ask the blindingly obvious question that is so obvious nobody has asked?
>
> What is the point of keysigning? What are we setting out to achieve?

- To authenticate a person's real-world identity
- To verify that the person so identified controls a specific email address
- To verify that the person so identified controls a specific PGP key

> Ok, so I get my key signed, using what I believe to be the standard process[1][2][3][4][...]:
>
> 1. I claim to be Brian May. I have a passport that proves that I am in fact Brian May. I have a drivers license that proves that I am Brian May. The photos are identical to what I look like. Assume none of these are forged. I suspect many people would not be able to tell a forgery, even if it technically is illegal. Often the photo looks nothing like the person (due to shave, glasses, hair style, etc). In this case though, I am very convincing that I am Brian May. People who know me and see me can also confirm this.
>
> 2. I claim key-id 00530C24 with fingerprint 9918 7E12 ABAF 54EA 9C9E 27A5 B828 A71C 0053 0C24 is mine. In fact, numerous people have already signed this key for me.
>
> 3. You obtain a copy of my key with the following UIDs, and sign all of them:
>
>    Brian May [EMAIL PROTECTED]
>    Brian May [EMAIL PROTECTED]
>    Brian May [EMAIL PROTECTED]
>    Brian May [EMAIL PROTECTED]
>    Brian May [EMAIL PROTECTED]
>
>    (note: assume for this keysigning I deleted my old UIDs and added several new ones that I should have added several years ago).
>
> 4. Either:
>
>    a) You send a copy of my key, to me, to the first address[1].
>
>    b) You send a copy of my key, encrypted using my key, to the first address. Do this if you know I want to keep my public key private[2]. Or do this if the key signing session was a smaller group[3].
>
>    c) You upload to a key server. Do this only if you know I want the public key to become public[2], or if keysigning wasn't a smaller group[3]. Or just do this anyway[4].
>
> I have heard various reasons why each alternative is better than the other alternatives. Read the references.
>
> Is this process correct? Or did something go seriously wrong here? If it was correct, why was it correct? If it was wrong, why was it wrong?

Many people consider all of options a), b), and c) to be inappropriate, and will instead encrypt each of the uid signatures individually and mail them to the corresponding email address, to verify that you control each address.

> Assume this key isn't already in the Debian keyring (it is), but I am an existing Debian Developer. If you were the Debian administrators, would you have any problems adding this key to the Debian keyring? What if I only supplied my Debian UID, and my public key was otherwise private?

I'm not sure I understand the question. What problem *should* anyone have adding such a key to the keyring? As a keysigner, I'm concerned about not signing uids that assert email addresses you don't actually control, but as a keyring maintainer, it would be very difficult to assert that you *don't* control one or more of those email addresses; unless you send a key that has a fraudulent debian.org address on it (or other bogus address which I know is fraudulent), I don't see why there would be an issue here.

> So after having my key signed, I get my name legally changed to John Doe. As such, I get my passport, etc, reissued under John Doe. Does this suddenly mean my key is invalid? If so why? What if my email address of [EMAIL PROTECTED] was still valid? Would it be OK to sign a UID for John Doe if the UID was Brian May [EMAIL PROTECTED] or John Doe [EMAIL PROTECTED], but I didn't have any proof of ever being Brian May? Why/Why not?

It would be ok to sign John Doe [EMAIL PROTECTED]. It would not be ok to sign Brian May [EMAIL PROTECTED]. A signature is a claim that the name in the UID corresponds to the real-world identity of the person who controls the key; which, by virtue of your name change, would no longer be true.

I have had people offer me keys for signing before, where the name on their state ID and the name on the piece of paper they gave me didn't match the name on their PGP key. I didn't sign those keys. While I could say that I have some ephemeral trust path to the owner of that key, none of the uids present on the key were suitable for me to express this to other people.

> What if my past email address was something cryptic, like [EMAIL PROTECTED], how would you know if this was supposed to belong to Brian May or John Doe?

Why does that matter? You sign it, or don't, based on the name part of the uid; and if you want to additionally verify that the person controls the email address, you encrypt the signature and send it to that address.

> What if I got my name legally changed to Branden Robinson? Shouldn't I be able to get
Re: Keysigning without physically meeting ... thoughts?
On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote:
> > What are we setting out to achieve?
>
> - To verify that the person so identified controls a specific email address

What does 'control' mean here? Given this:

> Many people consider all of options a), b), and c) to be inappropriate, and will instead encrypt each of the uid signatures individually and mail them to the corresponding email address, to verify that you control each address.

I presume that you just mean 'is capable of receiving mail sent to the address', but that is anybody at all with an internet connection and a copy of woody, which contains all you need to capture other people's mail. I'm not sure why you're bothering to verify that the person so identified falls into this group.

Mail delivery is nothing remotely resembling secure. That's why we need keys in the first place (and all you people waving smtp-tls around, go back and think about how useful that's going to be without signing keys).

(I can't even be bothered to start laughing at the idea of encrypting signatures. That's just too silly even for ridicule).

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -- |
Re: Keysigning without physically meeting ... thoughts?
On Sun, Jun 12, 2005 at 07:49:51AM +0100, Andrew Suffield wrote:
> On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote:
> > > What are we setting out to achieve?
> >
> > - To verify that the person so identified controls a specific email address
>
> What does 'control' mean here? Given this:
>
> > Many people consider all of options a), b), and c) to be inappropriate, and will instead encrypt each of the uid signatures individually and mail them to the corresponding email address, to verify that you control each address.
>
> I presume that you just mean 'is capable of receiving mail sent to the address', but that is anybody at all with an internet connection and a copy of woody, which contains all you need to capture other people's mail. I'm not sure why you're bothering to verify that the person so identified falls into this group.

Yes, and might I say, your personal email is particularly juicy.

Oh -- or did you mean to say anybody at all with an Internet connection, a copy of woody, and *access to one of the networks/hosts in the path of travel of the email*?

> Mail delivery is nothing remotely resembling secure. That's why we need keys in the first place (and all you people waving smtp-tls around, go back and think about how useful that's going to be without signing keys).

This is an argument that there is no such thing as perfect security. I'm not stupid enough to have made any such claim, but thank you for reminding us all that you *think* most DDs are stupid enough to believe in such things.

Verifying that the signee has control over the email address is exactly that -- that's why I didn't say that it was verifying who *owned* the email address. Knowing this may be of limited value, but that doesn't mean it's not worth doing.

--
Steve Langasek
postmodern programmer
Re: Keysigning without physically meeting ... thoughts?
Wesley == Wesley J Landaker [EMAIL PROTECTED] writes:

Wesley> I wrote this up to someone. I thought I'd share it, and
Wesley> get your thoughts. (e.g. anybody see any weaknesses in
Wesley> #1-#3 that *aren't* present in the typical meet, check ID,
Wesley> get GPG fingerprint, assuming #4 is always used
Wesley> afterwards?)

Can I please ask the blindingly obvious question that is so obvious nobody has asked?

What is the point of keysigning? What are we setting out to achieve?

Ok, so I get my key signed, using what I believe to be the standard process[1][2][3][4][...]:

1. I claim to be Brian May. I have a passport that proves that I am in fact Brian May. I have a drivers license that proves that I am Brian May. The photos are identical to what I look like. Assume none of these are forged. I suspect many people would not be able to tell a forgery, even if it technically is illegal. Often the photo looks nothing like the person (due to shave, glasses, hair style, etc). In this case though, I am very convincing that I am Brian May. People who know me and see me can also confirm this.

2. I claim key-id 00530C24 with fingerprint 9918 7E12 ABAF 54EA 9C9E 27A5 B828 A71C 0053 0C24 is mine. In fact, numerous people have already signed this key for me.

3. You obtain a copy of my key with the following UIDs, and sign all of them:

   Brian May [EMAIL PROTECTED]
   Brian May [EMAIL PROTECTED]
   Brian May [EMAIL PROTECTED]
   Brian May [EMAIL PROTECTED]
   Brian May [EMAIL PROTECTED]

   (note: assume for this keysigning I deleted my old UIDs and added several new ones that I should have added several years ago).

4. Either:

   a) You send a copy of my key, to me, to the first address[1].

   b) You send a copy of my key, encrypted using my key, to the first address. Do this if you know I want to keep my public key private[2]. Or do this if the key signing session was a smaller group[3].

   c) You upload to a key server. Do this only if you know I want the public key to become public[2], or if keysigning wasn't a smaller group[3]. Or just do this anyway[4].

I have heard various reasons why each alternative is better than the other alternatives. Read the references.

Is this process correct? Or did something go seriously wrong here? If it was correct, why was it correct? If it was wrong, why was it wrong?

Assume this key isn't already in the Debian keyring (it is), but I am an existing Debian Developer. If you were the Debian administrators, would you have any problems adding this key to the Debian keyring? What if I only supplied my Debian UID, and my public key was otherwise private?

So after having my key signed, I get my name legally changed to John Doe. As such, I get my passport, etc, reissued under John Doe. Does this suddenly mean my key is invalid? If so why? What if my email address of [EMAIL PROTECTED] was still valid? Would it be OK to sign a UID for John Doe if the UID was Brian May [EMAIL PROTECTED] or John Doe [EMAIL PROTECTED], but I didn't have any proof of ever being Brian May? Why/Why not?

What if my past email address was something cryptic, like [EMAIL PROTECTED], how would you know if this was supposed to belong to Brian May or John Doe?

What if I got my name legally changed to Branden Robinson? Shouldn't I be able to get my key signed? Just because my name happens to be the same as some other person on this planet... Or would it be better if I invented an alias? Then my key ID wouldn't match my legal ID.

What if everyone knows me by an alias, but I haven't/don't want to change my legal name? Rusty Russell is one well known example. If my key uses my real name, people may not realize it is me.

I can't help but wonder if we have become too obsessed with signing a key to a particular name, that we have lost track of what we are trying to achieve. Just because the name matches (or is almost identical) does not mean it is the same person. Even if this key has hundreds of trusted signatures and the name is identical, it still doesn't mean it must be the same person.

You could improve security if you do the tedious task of sending an email to every address, using a password decided on at the meeting[3]. This step is considered optional. However [3] doesn't give the full details for this to be secure, either. You would need:

* ensure nobody else sees the shared password. The password for every person should be different. Writing it down could be unsafe, but not writing it down could lead to memory loss.

* to test every email address you are going to sign.

* to send a cookie that is different for every email address.

* receive a response for every email address and check that both the cookie and passwords match. Otherwise, I could send an email back to you (with a modified From: header) that appears to be a response to the email you sent me, when in actual fact I never received it, or
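The four requirements listed in the message above (a separate password per person, a test of every address, a distinct cookie per address, and a check of both values on every reply) can be sketched as signer-side bookkeeping. This is an added example, not code from the thread or from any keysigning tool; the class and function names, the example.* addresses, the placeholder fingerprint and password, and the choice to mail back an HMAC keyed with the password rather than the password itself are all assumptions.

```python
import hashlib
import hmac
import secrets


def response_proof(password, fingerprint, address, cookie):
    """Value the key owner mails back for one address.

    Assumption (not from the thread): the reply carries an HMAC keyed with the
    password agreed in person, so the password itself never travels by mail.
    The fingerprint and address are mixed in so a reply cannot be reused for
    another key or another UID.
    """
    msg = "\n".join([fingerprint.replace(" ", "").upper(), address.lower(), cookie])
    return hmac.new(password.encode(), msg.encode(), hashlib.sha256).hexdigest()


class ChallengeSession:
    """Signer-side state for one key owner met at a keysigning."""

    def __init__(self, fingerprint, password, addresses):
        self.fingerprint = fingerprint
        self._password = password  # agreed in person, different for every person
        # One unpredictable cookie per address: a valid reply for one UID
        # proves nothing about any other UID on the same key.
        self._cookies = {a.lower(): secrets.token_urlsafe(16) for a in addresses}
        self._verified = set()

    def challenges(self):
        """address -> cookie; each cookie is mailed only to its own address."""
        return dict(self._cookies)

    def record_response(self, claimed_from, cookie, proof):
        """Accept a reply only if cookie and proof both match the claimed address."""
        addr = claimed_from.lower()
        expected = self._cookies.get(addr)
        if expected is None:
            return False  # address is not on the key being signed
        cookie_ok = hmac.compare_digest(expected.encode(), cookie.encode())
        want = response_proof(self._password, self.fingerprint, addr, expected)
        proof_ok = hmac.compare_digest(want.encode(), proof.encode())
        if cookie_ok and proof_ok:
            self._verified.add(addr)
            return True
        return False

    def signable(self):
        """UID addresses for which a matching reply came back."""
        return sorted(self._verified)

    def unverified(self):
        """UID addresses that must not be signed yet."""
        return sorted(set(self._cookies) - self._verified)


def demo():
    # All values below are constructed for this example.
    fpr = "0000 1111 2222 3333 4444 5555 6666 7777 8888 9999"  # placeholder
    password = "constructed-password-7431"
    a, b, c = "owner@example.org", "owner@example.net", "owner@example.com"
    session = ChallengeSession(fpr, password, [a, b, c])
    sent = session.challenges()
    results = {}

    # Genuine reply: the owner received the cookie sent to address a.
    results["genuine"] = session.record_response(
        a, sent[a], response_proof(password, fpr, a, sent[a]))

    # Modified From: header: the reply claims to come from b but reuses the
    # cookie that was mailed to a, because mail to b was never received.
    results["forged_from"] = session.record_response(
        b, sent[a], response_proof(password, fpr, a, sent[a]))

    # Someone who saw the cookie for c in transit but was not at the meeting
    # has no password to key the proof with.
    results["intercepted"] = session.record_response(
        c, sent[c], response_proof("guess", fpr, c, sent[c]))

    return results, session.signable(), session.unverified()


if __name__ == "__main__":
    outcome, ok, pending = demo()
    print(outcome)
    print("sign:", ok)
    print("do not sign yet:", pending)
```

Only the address whose own cookie came back with a matching proof ends up in `signable()`; the other two UIDs stay in `unverified()` until a correct reply arrives.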
Re: Keysigning without physically meeting ... thoughts?
Ron Johnson said [Wed, Jun 01, 2005 at 05:48:46AM -0500]:
> > A while ago, in an IRC discussion, it was revealed that a notary in the US doesn't mean as much as it does in Europe. AIUI, in the US, a notary is just some extra title a lot of secretaries have, so that they can make some documents more official.
>
> That's wrong. You take a non-trivial test, and be background checked. The secretaries you are referring to are 99.9% of the time in law offices and title-transfer companies.

Well, the main point behind this still stands: In the US, notaries are quite common and cheap. In Mexico, they serve +- the same role as there (gathered from your other replies in this thread and from what I know), but I don't think a single notary in this city would certify that I am the guy that appears in my government-issued ID without charging me some US$200 first, at the very least. Most people in this country don't make more than US$400 a month, so notaries are an unaffordable luxury.

...And that for simple transactions. My father bought his house a couple of years ago. IIRC, the notary's fee for the transaction was closer to US$1500.

Greetings,

--
Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)1451-2244 / 5623-0154
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Keysigning without physically meeting ... thoughts?
On Wed, 1 Jun 2005 11:52:03 +0100 Andrew Suffield [EMAIL PROTECTED] wrote:
> On Tue, May 31, 2005 at 02:13:54PM -0600, Wesley J. Landaker wrote:
> > On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> > > On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > > > [snip]
> > >
> > > A notary doesn't certify that the document you hand them is correct. All they certify is that you handed them this particular document on this particular date.
> >
> > And how is it any more trustworthy that I look at you and your possibly-fake government ID card, and say, Yep, that looks like your picture. Regardless, how is this different from meeting someone in person?
>
> The difference would be the deterrent effect. Without it, there's absolutely no reason why anybody wouldn't generate throwaway identities at whim.

If someone is determined to pass himself off as someone else, I don't see how eyeballing him serves as a deterrent. Minors do it (use fake IDs in public) all the time.

A web of trust is based on how well an already-trusted person can determine whether a candidate is who he says he is.

The point of using (in the US, at least) a Notary Public, is that the NP is presumed to be trustworthy (there's a background check, etc, etc). So, why shouldn't the web of trust be extended to NPs, for the task of initial authentication?

--
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

Peace is that brief glorious moment in history when everybody stands around reloading.
Unknown
Re: Keysigning without physically meeting ... thoughts?
* Wouter Verhelst:

> Well, in Belgium it's not /that/ bad (a notary is required by law to give you free advice), but the moment he uses his stamp, it indeed is a three digit bill (around €900 last time I required the use of a notary's services)

The fee depends in part on the value of the transaction that is being certified.

Notaries and their lobbyists fight very hard to stop the proliferation of state-approved digital signatures. After all, you wouldn't consult them anymore if you could get the same level of service using two $30 smartcards.
Re: Keysigning without physically meeting ... thoughts?
On Thu, 02 Jun 2005 02:17:50 +0200, Bernd Eckenfels [EMAIL PROTECTED] wrote:
> In Germany the post offices offer a service where you hand the clerk your id and he will check it, enter the details into a letter which he sends to the recipient. This is called postident. That way you can do age checks and identity proofs. However you have to trust a random person to do the job right. PGP has (undefined) assurance levels to express this.

And judging by the service the German post office usually provides, I won't trust postident zilch.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber | Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834
Re: Keysigning without physically meeting ... thoughts?
On Thu, 02 Jun 2005, Paul TBBle Hampson wrote:
> I was told to get a notarised form for a domain transfer before the domain registrar would release it. I ended up losing the domain (_) because I discovered that to find a notary in Australia, you have to go to a US Embassy.

Huh? I've delivered documents to Verisign, NSI and Thawte verified by the local public notary without any issues.

--j
Re: Keysigning without physically meeting ... thoughts?
On Fri, 3 Jun 2005 01:36:26 +0300 Jaakko Niemi [EMAIL PROTECTED] wrote:
> On Thu, 02 Jun 2005, Paul TBBle Hampson wrote:
> > I was told to get a notarised form for a domain transfer before the domain registrar would release it. I ended up losing the domain (_) because I discovered that to find a notary in Australia, you have to go to a US Embassy.
>
> Huh? I've delivered documents to Verisign, NSI and Thawte verified by the local public notary without any issues.

Finland and Oz have different laws regarding NPs?

--
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

They ginned up a war with an empty gun.
Chris Matthews, regarding Saddam Hussein Iraq
Re: Keysigning without physically meeting ... thoughts?
On Fri, Jun 03, 2005 at 01:36:26AM +0300, Jaakko Niemi wrote:
> On Thu, 02 Jun 2005, Paul TBBle Hampson wrote:
> > I was told to get a notarised form for a domain transfer before the domain registrar would release it. I ended up losing the domain (_) because I discovered that to find a notary in Australia, you have to go to a US Embassy.
>
> Huh? I've delivered documents to Verisign, NSI and Thawte verified by the local public notary without any issues.

I actually ended up taking a moral stand on the grounds that they were trying to hijack my domain by demanding extra proof that I am who I said I was beyond controlling the email address and password I used to create the domain.

(I'm not sure what they planned on comparing my documentation _to_. They were also talking about charging me something like three years of registration as an 'exit' fee. Luckily for the rest of my domains, the changes which mean 'no denial' == 'transfer' came through before I had any other domains expire.)

This all started because their ecommerce system started rejecting my visa card, and their support stopped responding for nearly a full year after replying with try it again, works fine here.

--
---
Paul TBBle Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

No survivors? Then where do the stories come from I wonder?
-- Capt. Jack Sparrow, Pirates of the Caribbean

This email is licensed to the recipient for non-commercial use, duplication and distribution.
---
Re: Keysigning without physically meeting ... thoughts?
On Wed, Jun 01, 2005 at 07:54:51AM +0200, Marc Haber wrote:
> On Tue, 31 May 2005 14:13:54 -0600, Wesley J. Landaker [EMAIL PROTECTED] wrote:
> > Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
>
> The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries.

A while ago, in an IRC discussion, it was revealed that a notary in the US doesn't mean as much as it does in Europe. AIUI, in the US, a notary is just some extra title a lot of secretaries have, so that they can make some documents more official.

Over here, however, being a notary is a full-time job; in addition, many notaries employ some clerks, too.

> Over here, it's a three digit bill for the notary to open the office door and to offer you a chair,

Well, in Belgium it's not /that/ bad (a notary is required by law to give you free advice), but the moment he uses his stamp, it indeed is a three digit bill (around €900 last time I required the use of a notary's services)

--
The amount of time between slipping on the peel and landing on the pavement is precisely one bananosecond
Re: Keysigning without physically meeting ... thoughts?
On Wed, 01 Jun 2005 07:54:51 +0200 Marc Haber [EMAIL PROTECTED] wrote:
> On Tue, 31 May 2005 14:13:54 -0600, Wesley J. Landaker [EMAIL PROTECTED] wrote:
> > Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
>
> The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries.

Because they do less in Common Law countries than in Civil Law countries.

In the United States, generally speaking, a notary public is a public official appointed by the government to serve the public as an impartial witness.
http://en.wikipedia.org/wiki/Notary_public

> Over here, it's a three digit bill for the notary to open the office door and to offer you a chair, so there might be cultures where one thinks twice or even three times before having something notarized.
>
> Additionally, the web of trust is the web of trust because it is entirely self-contained, without putting any trust on government and state official. Your suggestion violates this principle by moving the verification state to the notary.
>
> Even if the notary were sufficiently advanced to offer PGP key signing with her official key this were not good enough for Debian, since the Debian web of trust explicitly relies on being self-contained. You'd need to have a DD notary, which at this point makes the signature valid because of the DD property, and being notary becomes irrelevant.

--
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

You may either win your peace or buy it: win it, by resistance to evil; buy it, by compromise with evil.
John Ruskin
Re: Keysigning without physically meeting ... thoughts?
On Wed, 1 Jun 2005 10:14:43 +0200 Wouter Verhelst [EMAIL PROTECTED] wrote:
> On Wed, Jun 01, 2005 at 07:54:51AM +0200, Marc Haber wrote:
> > On Tue, 31 May 2005 14:13:54 -0600, Wesley J. Landaker [EMAIL PROTECTED] wrote:
> > > Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
> >
> > The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries.
>
> A while ago, in an IRC discussion, it was revealed that a notary in the US doesn't mean as much as it does in Europe. AIUI, in the US, a notary is just some extra title a lot of secretaries have, so that they can make some documents more official.

That's wrong. You take a non-trivial test, and be background checked.

The secretaries you are referring to are 99.9% of the time in law offices and title-transfer companies. For example, why see a lawyer, when all you need is an unbiased 3rd party to certify that it was actually you who signed that document?

--
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

Organic chemistry is the chemistry of carbon compounds. Biochemistry is the study of carbon compounds that crawl.
Mike Adams
Re: Keysigning without physically meeting ... thoughts?
On Tue, May 31, 2005 at 02:13:54PM -0600, Wesley J. Landaker wrote:
> On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> > On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > > I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)
> >
> > Falsifying a government-issued ID is a criminal offence, regardless of how often it happens (using it to buy alcohol is not important; they simply raise the minimum age to compensate, so there's no need to enforce it there). Falsifying a random photograph is not illegal at all, and there is no reason why somebody wouldn't do it.
> >
> > Nothing here has verified their identity with any strength to speak of. A person who wants to generate an identity can do so with minimal effort and no repercussions - so why wouldn't they?
>
> Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).

A notary doesn't certify that the document you hand them is correct. All they certify is that you handed them this particular document on this particular date.

> Regardless, how is this different from meeting someone in person?

The difference would be the deterrent effect. Without it, there's absolutely no reason why anybody wouldn't generate throwaway identities at whim.

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -- |
Re: Keysigning without physically meeting ... thoughts?
On Wed, Jun 01, 2005 at 05:48:46AM -0500, Ron Johnson wrote:
> On Wed, 1 Jun 2005 10:14:43 +0200 Wouter Verhelst [EMAIL PROTECTED] wrote:
> > On Wed, Jun 01, 2005 at 07:54:51AM +0200, Marc Haber wrote:
> > > On Tue, 31 May 2005 14:13:54 -0600, Wesley J. Landaker [EMAIL PROTECTED] wrote:
> > > > Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
> > >
> > > The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries.
> >
> > A while ago, in an IRC discussion, it was revealed that a notary in the US doesn't mean as much as it does in Europe. AIUI, in the US, a notary is just some extra title a lot of secretaries have, so that they can make some documents more official.
>
> That's wrong. You take a non-trivial test, and be background checked.
>
> The secretaries you are referring to are 99.9% of the time in law offices and title-transfer companies. For example, why see a lawyer, when all you need is an unbiased 3rd party to certify that it was actually you who signed that document?

Oh! That explains so much. I was told to get a notarised form for a domain transfer before the domain registrar would release it. I ended up losing the domain (_) because I discovered that to find a notary in Australia, you have to go to a US Embassy.

What you describe above sounds like what we call a Justice of the Peace... (Although we don't just get them in law offices, you find them all over the place. I think most states here have an online list of JPs who can witness things for you.)

--
---
Paul TBBle Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

No survivors? Then where do the stories come from I wonder?
-- Capt. Jack Sparrow, Pirates of the Caribbean

This email is licensed to the recipient for non-commercial use, duplication and distribution.
---
Re: Keysigning without physically meeting ... thoughts?
On Wednesday 01 June 2005 04:52, Andrew Suffield wrote:
> > Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
>
> A notary doesn't certify that the document you hand them is correct. All they certify is that you handed them this particular document on this particular date.

Well, the whole point is that they also certify that you are who you say you are, i.e. they check your ID.

> > Regardless, how is this different from meeting someone in person?
>
> The difference would be the deterrent effect. Without it, there's absolutely no reason why anybody wouldn't generate throwaway identities at whim.

There isn't really any more deterrent if the only one they show their fake ID to is me. Make ID, show it to me, dispose of ID afterwards.

Anyway, this has been an interesting thread, because what I am seeing is that there really isn't any reason why meeting physically is better at building a web-of-trust than alternate methods, if crafted thoughtfully. =)

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
On Tuesday 31 May 2005 23:54, Marc Haber wrote:
> The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries. Over here, it's a three digit bill for the notary to open the office door and to offer you a chair, so there might be cultures where one thinks twice or even three times before having something notarized.

Do you really mean the ENTIRE procedure, or do you just mean the notary? What would be a better way to replace that step for a global aware procedure? Or do you think it's necessary at all?

> Additionally, the web of trust is the web of trust because it is entirely self-contained, without putting any trust on government and state official. Your suggestion violates this principle by moving the verification state to the notary.

The web of trust's point is to be self-contained once it exists. It might need to bootstrap itself using other methods. For instance, it's already not self-contained by the above definition--because when you meet somebody, you don't just believe them when they say they are who they are, you make them show you some sort of ID, usually a government-issued one.

Or do you think that when signing somebody's GPG key, one shouldn't ask for government issued ID, but use some other criteria? If so, I'm curious what a good protocol would be.

> Even if the notary were sufficiently advanced to offer PGP key signing with her official key this were not good enough for Debian, since the Debian web of trust explicitly relies on being self-contained. You'd need to have a DD notary, which at this point makes the signature valid because of the DD property, and being notary becomes irrelevant.

The notary was to make a connection between the person's government ID and their picture--the other parts were to connect the picture with the e-mail address and GPG key.

If this were sufficient to determine that someone is who they say they are to about as good of a degree as meeting someone in person and checking their ID (even if both methods share weaknesses), I'd say that's a success. Wouldn't you?

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
On Tuesday 31 May 2005 23:54, Marc Haber wrote:
> The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries. Over here, it's a three digit bill for the notary to open the office door and to offer you a chair, so there might be cultures where one thinks twice or even three times before having something notarized.

One thing I should mention, that others sort of alluded to. In the US, a notary is very inexpensive. For example, often if you have an account at a bank, you can have documents notarized there for free (as I can at my bank) or for a few dollars.

That said, I can only think of about 1 thing I've ever needed to have notarized in my life, so it's not like I'm fond of notaries--but they seem to fulfill their intended purpose.

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
In article [EMAIL PROTECTED] you wrote:
> Well, the whole point is that they also certify that you are who you say you are, i.e. they check your ID.

In Germany the post offices offer a service where you hand the clerk your id and he will check it, enter the details into a letter which he sends to the recipient. This is called postident. That way you can do age checks and identity proofs. However you have to trust a random person to do the job right. PGP has (undefined) assurance levels to express this.

Greetings
Bernd
Keysigning without physically meeting ... thoughts?
Hi folks,

I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)

On Tuesday 31 May 2005 08:44, Wesley J. Landaker wrote:
> For instance, I don't know if this is officially acceptable or not, but I would probably be willing to sign someone's key even if I hadn't met them in person, if I got in the mail:
>
> 1) A picture of them holding a recent newspaper with their GPG fingerprint and signature written on it. (This would relate the person's face & signature with their GPG key, and verify that it's recent).
>
> 2) A copy of an acceptable (probably government-issued, non-expired) picture ID. (This would relate the person's face with their government identity).
>
> 3) A signed, dated, and notarized statement saying something to the effect of My name is __, my active e-mail that I control is [EMAIL PROTECTED], and the GPG fingerprint of my active key that I control and is not compromised is __. Attached to this statement is a picture of me with a newspaper dated ___ with the same GPG fingerprint, and a copy of my ___ photo ID, which I have shown to the undersigned notary. Signed __, notarized by ___. (Relates the date (which should be reasonably close to the time when the picture in #1 was taken--a few weeks at the most), their name, e-mail, and GPG fingerprint together by the statement, and the picture from #1, and with their government identity, as that is checked by the notary).
>
> 4) I'd sign the key, and send the updated key to the e-mail address given, signed by the GPG key with the fingerprint given. (Relates the e-mail address with the GPG key, as if they can't get the e-mail or decrypt the e-mail to get the signature, it effectively hasn't really been signed).

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)

Falsifying a government-issued ID is a criminal offence, regardless of how often it happens (using it to buy alcohol is not important; they simply raise the minimum age to compensate, so there's no need to enforce it there). Falsifying a random photograph is not illegal at all, and there is no reason why somebody wouldn't do it.

Nothing here has verified their identity with any strength to speak of. A person who wants to generate an identity can do so with minimal effort and no repercussions - so why wouldn't they?

> On Tuesday 31 May 2005 08:44, Wesley J. Landaker wrote:
> > For instance, I don't know if this is officially acceptable or not, but I would probably be willing to sign someone's key even if I hadn't met them in person, if I got in the mail:
> >
> > 1) A picture of them holding a recent newspaper with their GPG fingerprint and signature written on it. (This would relate the person's face & signature with their GPG key, and verify that it's recent).
> >
> > 2) A copy of an acceptable (probably government-issued, non-expired) picture ID. (This would relate the person's face with their government identity).
> >
> > 3) A signed, dated, and notarized statement saying something to the effect of My name is __, my active e-mail that I control is [EMAIL PROTECTED], and the GPG fingerprint of my active key that I control and is not compromised is __. Attached to this statement is a picture of me with a newspaper dated ___ with the same GPG fingerprint, and a copy of my ___ photo ID, which I have shown to the undersigned notary. Signed __, notarized by ___. (Relates the date (which should be reasonably close to the time when the picture in #1 was taken--a few weeks at the most), their name, e-mail, and GPG fingerprint together by the statement, and the picture from #1, and with their government identity, as that is checked by the notary).
> >
> > 4) I'd sign the key, and send the updated key to the e-mail address given, signed by the GPG key with the fingerprint given. (Relates the e-mail address with the GPG key, as if they can't get the e-mail or decrypt the e-mail to get the signature, it effectively hasn't really been signed).

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -- |
Re: Keysigning without physically meeting ... thoughts?
On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)
>
> Falsifying a government-issued ID is a criminal offence, regardless of how often it happens (using it to buy alcohol is not important; they simply raise the minimum age to compensate, so there's no need to enforce it there). Falsifying a random photograph is not illegal at all, and there is no reason why somebody wouldn't do it.
>
> Nothing here has verified their identity with any strength to speak of. A person who wants to generate an identity can do so with minimal effort and no repercussions - so why wouldn't they?

Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).

Regardless, how is this different from meeting someone in person? They can just show me their fake ID--I won't know it's fake. (And, as you said, forged ID happens a lot and is easily available. =)

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
On Tue, 31 May 2005 14:13:54 -0600 Wesley J. Landaker [EMAIL PROTECTED] wrote:
> On Tuesday 31 May 2005 14:11, Andrew Suffield wrote:
> > On Tue, May 31, 2005 at 09:03:12AM -0600, Wesley J. Landaker wrote:
> > > I wrote this up to someone. I thought I'd share it, and get your thoughts. (e.g. anybody see any weaknesses in #1-#3 that *aren't* present in the typical meet, check ID, get GPG fingerprint, assuming #4 is always used afterwards?)
> >
> > Falsifying a government-issued ID is a criminal offence, regardless of how often it happens (using it to buy alcohol is not important; they simply raise the minimum age to compensate, so there's no need to enforce it there). Falsifying a random photograph is not illegal at all, and there is no reason why somebody wouldn't do it.
> >
> > Nothing here has verified their identity with any strength to speak of. A person who wants to generate an identity can do so with minimal effort and no repercussions - so why wouldn't they?
>
> Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).
>
> Regardless, how is this different from meeting someone in person? They can just show me their fake ID--I won't know it's fake. (And, as you said, forged ID happens a lot and is easily available. =)

So why bother with steps 1 & 2 when 3 is the only one that carries any weight? Maybe there is a good reason that I do not know of, but I can not think of any. I am genuinely curious, though.

Just my $0.02.
Jacob
Re: Keysigning without physically meeting ... thoughts?
On Tuesday 31 May 2005 20:48, Jacob S wrote:
> > Regardless, how is this different from meeting someone in person? They can just show me their fake ID--I won't know it's fake. (And, as you said, forged ID happens a lot and is easily available. =)
>
> So why bother with steps 1 & 2 when 3 is the only one that carries any weight? Maybe there is a good reason that I do not know of, but I can not think of any. I am genuinely curious, though.

The general idea was to be purposefully overkill--that if they were going to forge something, they'd have to forge a whole lot of it. Partly, this was in response to the (perceived(?)) guideline that you shouldn't ever sign someone's public key unless you've met them in person--I was trying to narrow down all of the links that were important (seeing the person's face, seeing their ID, seeing that the two match, knowing that it was actually the person I saw who has control of the key and that same person has control of their e-mail address, etc).

Barring something I just totally missed, I believe what I wrote up is at least as good at determining that a person is who they say they are as meeting in person and checking ID's. Obviously there is always the issue of forgeries, but I don't think this method is any *worse* in that respect.

But I thought I'd give anyone interested a chance to bang at the idea, because I'm curious if someone else knows something I don't. =)

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Keysigning without physically meeting ... thoughts?
On Tue, 31 May 2005 14:13:54 -0600, Wesley J. Landaker [EMAIL PROTECTED] wrote:
> Right, but they have to get it notarized (or forge a notary's seal, which is a criminal offense, at least in the US) which requires government ID (again, at least in the US).

The entire procedure is quite US centric. I don't understand why you US guys are so fond of your notaries. Over here, it's a three digit bill for the notary to open the office door and to offer you a chair, so there might be cultures where one thinks twice or even three times before having something notarized.

Additionally, the web of trust is the web of trust because it is entirely self-contained, without putting any trust on government and state official. Your suggestion violates this principle by moving the verification state to the notary.

Even if the notary were sufficiently advanced to offer PGP key signing with her official key this were not good enough for Debian, since the Debian web of trust explicitly relies on being self-contained. You'd need to have a DD notary, which at this point makes the signature valid because of the DD property, and being notary becomes irrelevant.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber | Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834