idea for key-signing someone you can't meet face-to-face - PGP


  1. idea for key-signing someone you can't meet face-to-face

    Hi,

    I have an idea for key-signing people you can't meet face-to-face because
    of large distances or so: use a bank as trusted-third-party!
    To open an account at a bank, one needs to authenticate carefully to the
    bank by showing a passport or driver's license (at least here in the
    Netherlands). So, if I send one euro (=European money) to person B, person
    B will know for sure that I am the person who I say I am. And that ought
    to be enough, right?


    Folkert van Heusden

    Looking for an IT or Finance job? Mail me for the possibilities!
    +------------------------------------------------------------------+
    |UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)|
    |a try, it brings monitoring logfiles to a different level! See |
    |http://vanheusden.com/multitail/features.html for a feature list. |
    +------------------------------------------= www.unixsoftware.nl =-+
    Phone: +31-6-41278122, PGP-key: 1F28D8AE

  2. Re: idea for key-signing someone you can't meet face-to-face

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Folkert van Heusden wrote:
    > Hi,
    >
    > I have an idea for key-signing people you can't meet face-to-face because
    > of large distances or so: use a bank as trusted-third-party!
    > To open an account at a bank, one needs to authenticate carefully to the
    > bank by showing a passport or driver's license (at least here in the
    > Netherlands). So, if I send one euro (=European money) to person B, person
    > B will know for sure that I am the person who I say I am. And that ought
    > to be enough, right?


    The strength of a chain is limited by its weakest link.
    How much trust could you put in the check procedure of the bank?
    If crossing country, how can you trust the bank in the remote country?
    What about faked-id? What about name usage (alias)?
    You might get a bank account with an alias as full name...
    (for instance, wedding does not change the official full name of the
    wife, still, traditionally, she gets the husband's one... what's the
    difference with getting my bank account labelled "His Highest Majesty,
    King of the World, Empress of Chaos, Pope of the seven seas, *my name*"
    ?) (ok, the label is too long for the paycheck, but who cares?)

    If at least the bank was signing the keys, you might grant part of trust
    explicitly... So far, I wouldn't trust a bank for keys signing.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCOrRns/YJ43cSjHIRAigcAJ0S5iOMNHP+0sZAQdpYRi3a3I01NgCgilAw
    r2buMh9ZkHA//cW/bSnVhBI=
    =Ctwz
    -----END PGP SIGNATURE-----

  3. Re: idea for key-signing someone you can't meet face-to-face



    Folkert van Heusden wrote:
    > Hi,
    >
    > I have an idea for key-signing people you can't meet face-to-face because
    > of large distances or so: use a bank as trusted-third-party!
    > To open an account at a bank, one needs to authenticate carefully to the
    > bank by showing a passport or driver's license (at least here in the
    > Netherlands). So, if I send one euro (=European money) to person B, person
    > B will know for sure that I am the person who I say I am. And that ought
    > to be enough, right?


    How would you know that the person who sent the money was the owner of
    the key you wanted to sign?

    Regards,

    Bob

  4. Re: idea for key-signing someone you can't meet face-to-face

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On 2005-03-18, Folkert van Heusden wrote:
    > Hi,
    >
    > I have an idea for key-signing people you can't meet face-to-face because
    > of large distances or so: use a bank as trusted-third-party!
    > To open an account at a bank, one needs to authenticate carefully to the
    > bank by showing a passport or driver's license (at least here in the
    > Netherlands). So, if I send one euro (=European money) to person B, person
    > B will know for sure that I am the person who I say I am. And that ought
    > to be enough, right?


    Surely you shouldn't need to meet someone to sign their keys, if you can
    be linked through the web of trust?

    Why would you want to sign someone's key whom you can't apply a strict
    ID procedure on? I can't see the case for this, although there may be
    one irl.

    Adam

    - --
    http://www.monkeez.org
    PGP key: 0x7111B833
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (GNU/Linux)

    iD8DBQFCO1gbLeLM1Z6tVakRAmygAKCleBV9ct3rXzSs58wQ6A eNDV5y/gCgpf4r
    9ZslQJzftJUyN1qzKxdkdeM=
    =JdLJ
    -----END PGP SIGNATURE-----

  5. Re: idea for key-signing someone you can't meet face-to-face

    >> I have an idea for key-signing people you can't meet face-to-face because
    >> of large distances or so: use a bank as trusted-third-party!
    >> To open an account at a bank, one needs to authenticate carefully to the
    >> bank by showing a passport or driver's license (at least here in the
    >> Netherlands). So, if I send one euro (=European money) to person B, person
    >> B will know for sure that I am the person who I say I am. And that ought
    >> to be enough, right?

    > How would you know that the person who sent the money was the owner of
    > the key you wanted to sign?


    You also have that problem in real life!


  6. Re: idea for key-signing someone you can't meet face-to-face



    Folkert van Heusden wrote:

    >> How would you know that the person who sent the money was the owner of
    >> the key you wanted to sign?

    >
    > You also have that problem in real life!


    True, but it is much easier to assess if there are no intermediates. If they
    attend in person with their passport and printouts of the key fingerprint,
    and you can match the photo to the person, you are off to a good start. If
    they then have other methods of identification - conversations you have had
    etc. etc. - it's fairly foolproof. But, as you say, nothing is absolute.

    Regards,

    Bob


    --
    Remove "x" from address to reply by email.
