Joshua E. Hill (jehill@w6bhz.calpoly.edu) wrote:

Because _these_ people _are_ binding true names to keys. That's what _this_ is about.

No, they're binding supposedly government-issued ids to keys. There's a difference. There are three problems with signing keys based on government-issued ids. 1. There's no link between a driver's license and an email address, so anyone with a license for 'Mark Grant' could claim to be the owner of the 'mark@unicorn.com' key. 2. Governments will issue fake ids to their agents, so there's no proof that that 'Mark Grant' is 'really' 'Mark Grant' and not 'Joe Sasquatch, NSA, FBI, BATF'. 3. Thieves have got fed up with faking individual licenses and can now do so wholesale; see the following from a recent RISKS Digest (18:94) ------------------------------ Date: Tue, 25 Mar 1997 16:39:50 -0500 (EST)

From: GaryG4430@aol.com Subject: Thieves steal license machines

Excuse me Sir, but would you watch my Golden Goose while I go get a cup of coffee? Published in the *Portland Oregonian*, 25 Mar 1997, p.2, Around the Nation: Thieves steal license machines MIAMI - Last year, Florida bought computers to make driver's licenses that are virtually impossible to counterfeit. But brazen South Florida thieves have been stealing the computers, sometimes later returning to the scene to pick up accessories. In seven burglaries at five virtually unprotected driver's license offices from Key Largo to Okeechobee, crooks have gathered the $15,000 computers, software and supplies for five complete systems -everything they would need to crank out the state's new high-tech, counterfeit-resistant licenses. Yup, only our high-tech systems can make our high-security, tamperproof, extremely valuable documents. And you can't just buy one of these system just anywhere... Gary Grossoehme, Oregon Electronics [Also commented on by Bob_Frankston@frankston.com, who notes that if the new licenses are considered "foolproof", it only increases their value! PGN] ------------------------------