-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folkert van Heusden wrote:
> Hi,
>
> I have an idea for key-signing people you can't meet face-to-face because
> of large distances or so: use a bank as trusted-third-party!
> To open an account at a bank, one needs to authenticate carefully to the
> bank by showing a passport or drivers license (at least here in the
> netherlands). So, if I send on euro (=European money) to person B, person
> B will know for sure that I am the person who I say I am. And that ought
> to be enough, right?

The strength of a chain is limited by its weakest link.
How much trust could you put in the check procedure of the bank ?
If crossing country, how can you trust the bank in the remote country ?
What about faked-id ? What about name usage (alias) ?
You might get a bank account with an alias as full name...
(for instance, wedding does not change the official full name of the
wife, still, traditionnaly, she get the husband's one... what's the
difference with getting my bank account labelled "His Highest Majesty,
King of the World, Emperess of Chaos, Pope of the seven seas, *my name*"
? ) (ok, the label is too long for the paycheck, but who care ?)

If at least the bank was signing the keys, you might grant part of trust
explicitely... So far, I wouldn't trust a bank for keys signing.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCOrRns/YJ43cSjHIRAigcAJ0S5iOMNHP+0sZAQdpYRi3a3I01NgCgilAw
r2buMh9ZkHA//cW/bSnVhBI=
=Ctwz
-----END PGP SIGNATURE-----

Folkert van Heusden wrote:
> Hi,
>
> I have an idea for key-signing people you can't meet face-to-face because
> of large distances or so: use a bank as trusted-third-party!
> To open an account at a bank, one needs to authenticate carefully to the
> bank by showing a passport or drivers license (at least here in the
> netherlands). So, if I send on euro (=European money) to person B, person
> B will know for sure that I am the person who I say I am. And that ought
> to be enough, right?

How would you know that the person who sent the money was the owner of
the key you wanted to sign?

Regards,

Bob

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2005-03-18, Folkert van Heusden wrote:
> Hi,
>
> I have an idea for key-signing people you can't meet face-to-face because
> of large distances or so: use a bank as trusted-third-party!
> To open an account at a bank, one needs to authenticate carefully to the
> bank by showing a passport or drivers license (at least here in the
> netherlands). So, if I send on euro (=European money) to person B, person
> B will know for sure that I am the person who I say I am. And that ought
> to be enough, right?
>
>
> Folkert van Heusden
>
> Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden!
> +------------------------------------------------------------------+
>|UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)|
>|a try, it brings monitoring logfiles to a different level! See |
>|http://vanheusden.com/multitail/features.html for a feature list. |
> +------------------------------------------= www.unixsoftware.nl =-+
> Phone: +31-6-41278122, PGP-key: 1F28D8AE

Surely you shouldn't need to meet someone to sign their keys, if you can
be linked through the web of trust?

Why would you want to sign someone's key whom you can't apply a strict
ID procedure on? I can't see the case for this, although there may be
one irl.

Adam

- --
http://www.monkeez.org
PGP key: 0x7111B833
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCO1gbLeLM1Z6tVakRAmygAKCleBV9ct3rXzSs58wQ6A eNDV5y/gCgpf4r
9ZslQJzftJUyN1qzKxdkdeM=
=JdLJ
-----END PGP SIGNATURE-----

>> I have an idea for key-signing people you can't meet face-to-face because
>> of large distances or so: use a bank as trusted-third-party!
>> To open an account at a bank, one needs to authenticate carefully to the
>> bank by showing a passport or drivers license (at least here in the
>> netherlands). So, if I send on euro (=European money) to person B, person
>> B will know for sure that I am the person who I say I am. And that ought
>> to be enough, right?
> How would you know that the person who sent the money was the owner of
> the key you wanted to sign?

You also have that problem in real life!

Folkert van Heusden wrote:

>> How would you know that the person who sent the money was the owner of
>> the key you wanted to sign?
>
> You also have that problem in real life!

True, but it is much easier to assess if there are no intermediates. If they
attend in person with their passport and printouts of the key fingerprint,
and you can match the photo to the person, you are off to a good start. If
they then have other methods of identification - conversations you have had
etc. etc. - it's fairly foolproof. But, as you say, nothing is absolute.

Regards,

Bob


--
Remove "x" from address to reply by email.