On Fri, 21 Sep 2001, Tim May wrote:
It's too bad so many people are so confused about what a "Web of Trust" is.
Do I need a "positive picture ID" of Lucky Green to communicate with him securely? Black Unicorn? Pr0duct Cypher? Eric Hughes? Attila the Hun?
The notion that a particular credential with a picture on it means anything, or should be given weight, is one of the most dangerous ideas there is. For the obvious reasons.
As a hint, the people you _don't_ want to trust are a helluva lot more likely to have nice, neat picture IDs than people like Lucky Green are.
--Tim May (not my true name)
To elaborate a little, In the PGP-style "Web of Trust", each user is effectively his own Certificate Authority. Likewise, each user has his own form of CPS. Some users will indiscriminately sign other people's keys. Some users will require "government issued ID". Some users will require that they personally know another person for some set amount of time before signing his key. By signing a key, you are, in effect, asserting to the world a belief in the identity of the key holder. One can communicate securely with other users even if he never signs another person's key. Signing is entirely optional -- a service, so to speak, to the other members of one's community. (Indeed, there are more than a few cypherpunks who do not sign keys at all, because of the information it reveals about their associations with others.) Those of us who know better would not rely on a simple picture ID to prove identity. Likewise, we would not put much faith in certifications made by someone who used that criteria for verification. But PGP users are free to use whatever means they like in "verifying" identities. The problem I see in "V Alex Brennen's" announcement is that he is requiring photo-ID for a key signing party. The *only* function a key signing party serves is to facilitate the pairing of keys (by their fingerprints) with bodies (either individuals, or organizations represented by the proper individuals). The key signing party organizer's responsibility ends there. He should not be dictating key signing policy to the end users. Picture IDs are just one of many methods of determining identity, and as Tim points out, a poor one, and useless for pseudonyms. In the case of a conference or other gathering of strangers where a large key signing party is planned, it is my recommendation that, rather than each individual signing keys of other conference attendees (unless there is an existing trust relationship between individual attendees), the conference organizers create a conference signing key with which to sign attendees' keys. This provides information about the key (it was presented at such-and-such a conference by a person calling himself so-and-so) and also clearly defines the limits of this information. Users can later take that into account when evaluating whether or not to "trust" the signed key. (Many of us will find this certification useless, and others will find it undesirable for the information it leaks about us. Which is why key signings are voluntary.) -MW-