Hi Gunnar, I'm basically in Sydney Australia, however finding time to meet people is difficult these days, with work, a wife and two little kids. I live in Penrith NSW, and work in Granville NSW. I do travel up and down the east coast of Australia and around Sydney for work, buts its sporadic. If anyone living in the Sydney area wanted to meet up, I'd be all for it. Thanks. On Tue, 2016-06-21 at 22:57 -0500, Gunnar Wolf wrote: > Jason Thomas dijo [Mon, Jun 20, 2016 at 12:31:57PM +1000]: > > Hi all, > > > > I need to get my key signed, is anyone willing to work with me via > > video conferencing. > > > > I have uploaded my key to keyring.debian.org and I have also signed > > this message. > > > > I have a scan of my government issued drivers licence available. > > <keyring-maint> > > The medium you use to verify your counterpart's identity when > performing a signature is completely up to you; I could be perfectly > happy with cross-signing with $person via videoconferencing — But > what > we push, what we *really* expect each of us to do, is to actually > *ensure identity*. > > For some, ensuring identity is a matter of checking a > government-issued ID. In this case, Jason is providing a scan of such > an ID. Might I add, in case you take on his request: Are you familiar > with his country's drivers licenses? How hard are they to forge? How > hard would they be to digitally manipulate without other parties > noticing? If that satisfies you, please go ahead and sign. Of course, > Jason, same for you — Although it suffices for us to have your key > "reachable" from the strong set, we really prefer your key being part > of the strong set (that is, other keys being reachable from yours). > If > somebody signs your key, please try to sign theirs as well (if you > are > convinced of their identity). > > Now, I have said this too many times, but once more: As keyring- > maint, > we are not collecting samples of people showing valid-looking ID > documents to others. This is one of the issues why we don't have > long-queue key signing parties: Just checking the ID of a complete > stranger is not real identity validation. > > My personal guideline is that I will sign your key if and only if I > see your face and can think of your name, and the opposite way > around. That is, if I have a decently-lasting memory of you. Being my > brain so deffective in that sense, it is quite a high bar to pass. > But > it's also very flexible as well: I can count several dozens of people > in this project who could set up a videoconference with me, read a > key > fingerprint with no further requisites, and have a successful > exchange. > > Just as an example (as he answered to this mail), were Jonas to ever > require a key signature from me, he is free to video-call me, even if > he decided to burn all of his government-issued papers, as his face > is > worth more to me than any document. Of course, that gives me the > flexibility to also decide to sign pseudonymous keys — I have several > friends who are not OK with divulging their official identity. I > often > don't know their real names. That won't stop me from signing their > keys, if their pseudonym's usage is long-term and consistent. > > I like my personal policy, but cannot enforce it on anybody. I expect > us all DDs to be careful and responsible on what we sign. Define > responsible as you prefer. > > Jason, as Jonas said: Where do you live? We are most interested in > you > getting your key back online. If you want, contact us directly to > keyring-ma...@debian.org (or publicly here, if you are OK with it) > and > we can try to arrange for an in-person meeting between you and > somebody else! > > </keyring-maint>
signature.asc
Description: This is a digitally signed message part
