This subject is increasingly off-topic for -devel. I've cc'd this message to -users; let's see if we can't move the thread there.
Niels Dettenbach wrote: > Hmmm, Keysigning parties makes sense if they strictly follow serious > procedures and requirements - but can't give a 100% security (as the > most other identity checks too). Even a Passport could be modified or > cheated. With a high-quality forged passport I can not only travel -- I can also vote, run for (most) public offices, get utilities in my name, open bank accounts, and so on. Those secondary pieces of documentation won't be forgeries, they'll be real -- and once I have them, I destroy my forged passport and settle into my new assumed identity. If the attacker is smart enough and savvy enough to get a high-quality forged passport, there's no way they'll present it for inspection to someone who's actively looking for a forged passport. They'll present their real (obtained illegally and containing incorrect information, but quite real) identity documents instead. Further, you won't find 100% security anywhere. Pursuing it is an ephemera. You won't get there, and if you obsess over it your obsession will ultimately hurt your security. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
