IETF Logo Mail Archive

Re: [75attendees] No PGP Key Signing session??

Ted Lemon <Ted.Lemon@nominum.com> Tue, 28 July 2009 11:19 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: 75attendees@core3.amsl.com
Delivered-To: 75attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BBF673A6C24 for <75attendees@core3.amsl.com>; Tue, 28 Jul 2009 04:19:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nDX4vj01m5Qb for <75attendees@core3.amsl.com>; Tue, 28 Jul 2009 04:19:43 -0700 (PDT)
Received: from exprod7og122.obsmtp.com (exprod7og122.obsmtp.com [64.18.2.22]) by core3.amsl.com (Postfix) with ESMTP id F416B3A6BC0 for <75attendees@ietf.org>; Tue, 28 Jul 2009 04:19:39 -0700 (PDT)
Received: from source ([64.89.228.229]) (using TLSv1) by exprod7ob122.postini.com ([64.18.6.12]) with SMTP ID DSNKSm7ezYuGCmmH5OrF0fpMyvurhD2itnED@postini.com; Tue, 28 Jul 2009 04:19:44 PDT
Received: from webmail.nominum.com (webmail.nominum.com [64.89.228.50]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "webmail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 91F711B8348; Tue, 28 Jul 2009 04:19:51 -0700 (PDT)
Received: from [130.129.19.232] (130.129.19.232) by exchange-01.win.nominum.com (64.89.228.50) with Microsoft SMTP Server (TLS) id 8.1.336.0; Tue, 28 Jul 2009 04:19:39 -0700
References: <87prblgxjn.fsf@tower.fukt.bsnet.se> <4B4DFB71-0170-4E3B-8E6C-B9D285DF237F@muada.com> <p0625011bc69462be37e5@[10.4.39.11]>
Message-ID: <550D56D8-7D27-401D-8411-C5BF5E69F1FE@nominum.com>
From: Ted Lemon <Ted.Lemon@nominum.com>
To: Pete Resnick <presnick@qualcomm.com>
In-Reply-To: <p0625011bc69462be37e5@[10.4.39.11]>
Content-Type: text/plain; charset="us-ascii"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
X-Mailer: iPhone Mail (7A341)
MIME-Version: 1.0 (iPhone Mail 7A341)
Date: Tue, 28 Jul 2009 13:19:26 +0200
Cc: "75attendees@ietf.org" <75attendees@ietf.org>
Subject: Re: [75attendees] No PGP Key Signing session??
X-BeenThere: 75attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <75attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/75attendees>, <mailto:75attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/75attendees>
List-Post: <mailto:75attendees@ietf.org>
List-Help: <mailto:75attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/75attendees>, <mailto:75attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 11:19:43 -0000

On Jul 28, 2009, at 10:13 AM, Pete Resnick <presnick@qualcomm.com>  
wrote:

>
> I think checking government IDs is a TERRIBLE idea (though you are
> certainly allowed to do so). When I sign a key, I am saying that *I*
> know the person. I am not saying that I am an expert in determining
> forged or true government IDs and that I see that this person has a
> valid one. Personally, if I think you have signed someone's key
> because you checked their government ID, I will not trust your
> signature.

Right, what I care about is that you vouch for the person as being the  
owner of the particular network identity they are asserting, not that  
they have some particular legal identity. We aren't qualified to  
assert the latter, and should not.

v2.23.0 | Report a Bug | By Email