On Thu, 25 Apr 2002, Jason Lunz wrote:
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations where they cannot safely reveal their real life identity.
Join the cDc then, but not Debian.
-
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote:
> I think this needs more consideration. What is being signed into the
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations wher
[EMAIL PROTECTED] said:
>> Should I sign his key ?
>
> No. Request that he adds an UID to his key with his name as it appears on
> his documents (the name that he would have in a international travel pass,
> for example), and sign THAT UID (and any others you have verified to be
> completely true)
On Thu, 25 Apr 2002, Jason Lunz wrote:
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations where they cannot safely reveal their real life identity.
Join the cDc then, but not Debian.
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote:
> I think this needs more consideration. What is being signed into the
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations whe
[EMAIL PROTECTED] said:
>> Should I sign his key ?
>
> No. Request that he adds an UID to his key with his name as it appears on
> his documents (the name that he would have in a international travel pass,
> for example), and sign THAT UID (and any others you have verified to be
> completely true
On Thu, 25 Apr 2002, christophe barbé wrote:
> But the key makes no references to his name.
[...]
> Should I sign his key ?
No. Request that he adds an UID to his key with his name as it appears on
his documents (the name that he would have in a international travel pass,
for example), and sign TH
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barb? wrote:
> IDs are easily forged. I am sure of that since I have see how it works
To misquote Old Man Murray, it's better than relying on scent.
IDs are the best thing we have for identifying the person's real name,
and real names are _requ
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > He use his email address in his gpg key but his email address is not
> > related to his name.
>
> > I am sure he is the guy behind the key.
> > I started this thread because of the debian implication.
>
> > I believe that from th
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote:
> On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > Upon rereading, I see what you're asking here. You're worried that if
> > you sign a uid that doesn't have his name on it, and he adds another uid
> > later that
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote:
> No! One doesn't really sign "keys". One signs identification. If you meet
> someone, your goal is to match the picture ID with the face, and the name on
> the ID with the UID in the keyring. Just because we meet, and I show you
> an
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> Upon rereading, I see what you're asking here. You're worried that if
> you sign a uid that doesn't have his name on it, and he adds another uid
> later that does have a name on it (not necessarily his), this will
> mistakenly be ac
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote:
> I still don't understand what you mean by a 'without-ID key'. It's
> difficult to give you a clear answer unless you can give us tangible
> information. A PGP uid has three parts to it: a name, an email address,
> and a comment. W
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
> I am sure he is the
christophe barbé <[EMAIL PROTECTED]> writes:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
>
> He use his email address in his gpg key but his email address is not
> related to his name.
>
> I am sure he is the guy behind the k
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
> I am sure he is the
I forgot to mention that we exchanged encrypted secret words and that I
check the fingerprint when I meet him.
He use his email address in his gpg key but his email address is not
related to his name.
I am sure he is the guy behind the key.
I started this thread because of the debian implication
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barb? wrote:
> I wonder if it is acceptable to sign a key from someone that :
> [irrelevent stuff]
> But the key makes no references to his name.
>
> In my understanding the ID is useless but I have enough element to
> believe he is the guy he
On Thu, 25 Apr 2002, christophe barbé wrote:
> But the key makes no references to his name.
[...]
> Should I sign his key ?
No. Request that he adds an UID to his key with his name as it appears on
his documents (the name that he would have in a international travel pass,
for example), and sign T
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote:
> I wonder if it is acceptable to sign a key from someone that :
> - I meet him personnaly and saw his ID
> - I saw him in a public meeting in a specific role (We can consider he
> is well known)
> - I have a lot of public mails
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barb? wrote:
> IDs are easily forged. I am sure of that since I have see how it works
To misquote Old Man Murray, it's better than relying on scent.
IDs are the best thing we have for identifying the person's real name,
and real names are _req
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > He use his email address in his gpg key but his email address is not
> > related to his name.
>
> > I am sure he is the guy behind the key.
> > I started this thread because of the debian implication.
>
> > I believe that from t
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote:
> On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > Upon rereading, I see what you're asking here. You're worried that if
> > you sign a uid that doesn't have his name on it, and he adds another uid
> > later that
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote:
> No! One doesn't really sign "keys". One signs identification. If you meet
> someone, your goal is to match the picture ID with the face, and the name on
> the ID with the UID in the keyring. Just because we meet, and I show you
> a
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> Upon rereading, I see what you're asking here. You're worried that if
> you sign a uid that doesn't have his name on it, and he adds another uid
> later that does have a name on it (not necessarily his), this will
> mistakenly be a
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote:
> I still don't understand what you mean by a 'without-ID key'. It's
> difficult to give you a clear answer unless you can give us tangible
> information. A PGP uid has three parts to it: a name, an email address,
> and a comment.
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
> I am sure he is th
christophe barbé <[EMAIL PROTECTED]> writes:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
>
> He use his email address in his gpg key but his email address is not
> related to his name.
>
> I am sure he is the guy behind the
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
> I am sure he is th
I forgot to mention that we exchanged encrypted secret words and that I
check the fingerprint when I meet him.
He use his email address in his gpg key but his email address is not
related to his name.
I am sure he is the guy behind the key.
I started this thread because of the debian implicatio
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barb? wrote:
> I wonder if it is acceptable to sign a key from someone that :
> [irrelevent stuff]
> But the key makes no references to his name.
>
> In my understanding the ID is useless but I have enough element to
> believe he is the guy h
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote:
> I wonder if it is acceptable to sign a key from someone that :
> - I meet him personnaly and saw his ID
> - I saw him in a public meeting in a specific role (We can consider he
> is well known)
> - I have a lot of public mails
32 matches
Mail list logo
