On 10/22/2013 11:01 AM, Stan Tobias wrote: > But this is not a real identification - almost none of us > has means to confirm an identity, which is a job for a detective.
Last time I walked into a courthouse to speak with a judge the marshal asked for my driver's license -- he checked the photograph to make sure it was me, held it up to the light to check for a hologram, then checked the logbook to see if I was an expected visitor. Once he saw my name listed in the logbook he gave my driver's license back and buzzed me in. As far as the U.S. Marshal was concerned, my identity had been proven to a sufficient degree. He certainly didn't conduct a background check on me. (My father and cousin are both judges, if you're wondering why I visit courthouses so often.) That phrase, "to a sufficient degree," is important. You cannot ever verify someone's identity 100%, not even with DNA testing -- it's always possible they have an identical twin, always possible the lab work was sloppy and done in error, etc. What you want to do instead is have a certain level of confidence in someone's identity. For some people, that level of confidence is "this person says they are so-and-so." For other people, that level of confidence is "this person has a passport saying they are so-and-so." OpenPGP is completely silent about what level of confidence you should have for a certification. It only says that when you sign a certificate, you are making an assertion about identity: that, to a level exceeding your threshold of certainty, such-and-such an identifier is an accurate descriptor for the individual or agency who controls the private part of a certificate. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
