Re: [local] Report on Portland Cpunks meeting
At 16:40 1/23/96, Perry E. Metzger wrote:
Each person gets a sheet. Either each person in the room reads their fingerprint in turn from their own copy, with each person in the room checking the read fingerprint against the fingerprint on the handout, or an appointed reader (or set of readers at the last IETF) read the fingerprints in turn and ask the owner of the key to then simply say "yes" or "its mine" or whatever to verify that the fingerprint matches their own copy of the print.
How do they verify that the person confirming the fingerprint is indeed the person supposedly owning the key? -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
Lucky Green writes:
At 16:40 1/23/96, Perry E. Metzger wrote:
Each person gets a sheet. Either each person in the room reads their fingerprint in turn from their own copy, with each person in the room checking the read fingerprint against the fingerprint on the handout, or an appointed reader (or set of readers at the last IETF) read the fingerprints in turn and ask the owner of the key to then simply say "yes" or "its mine" or whatever to verify that the fingerprint matches their own copy of the print.
How do they verify that the person confirming the fingerprint is indeed the person supposedly owning the key?
Thats up to the people signing. In most cases in that sort of environment, you know about 30% of the people in the room, and you sign their keys (and no one elses, which is reasonable). In other environments, people could go about afterwards and examine ID or whatever it would be that they would want to do. .pm
On Wed, 24 Jan 1996, Perry E. Metzger wrote:
How do they verify that the person confirming the fingerprint is indeed the person supposedly owning the key?
Thats up to the people signing. In most cases in that sort of environment, you know about 30% of the people in the room, and you sign their keys (and no one elses, which is reasonable).
This is pretty much the pure web-o-trust model - the identity of the person is assmed to be known at the start of the process, and what is verified is the key- closure gets you the other folks. I'm usually not to keen on WOT, but if it was an AI project, this is the example that would be in the writeup :-)
participants (3)
-
Perry E. Metzger -
shamrock@netcom.com -
Simon Spero