Government credentials and picture IDs

Meyer Wolfsheim wolf at priori.net
Fri Sep 21 12:21:20 PDT 2001


On Fri, 21 Sep 2001, Tim May wrote:

> It's too bad so many people are so confused about what a "Web of Trust"
> is.
>
> Do I need a "positive picture ID" of Lucky Green to communicate with him
> securely? Black Unicorn? Pr0duct Cypher? Eric Hughes? Attila the Hun?
>
> The notion that a particular credential with a picture on it means
> anything, or should be given weight, is one of the most dangerous ideas
> there is. For the obvious reasons.
>
> As a hint, the people you _don't_ want to trust are a helluva lot more
> likely to have nice, neat picture IDs than people like Lucky Green are.
>
> --Tim May (not my true name)

To elaborate a little,

In the PGP-style "Web of Trust", each user is effectively his own
Certificate Authority. Likewise, each user has his own form of CPS. Some
users will indiscriminately sign other people's keys. Some users will
require "government issued ID". Some users will require that they
personally know another person for some set amount of time before signing
his key.

By signing a key, you are, in effect, asserting to the world a belief in
the identity of the key holder. One can communicate securely with other
users even if he never signs another person's key. Signing is entirely
optional -- a service, so to speak, to the other members of one's
community.  (Indeed, there are more than a few cypherpunks who do not sign
keys at all, because of the information it reveals about their
associations with others.)

Those of us who know better would not rely on a simple picture ID to prove
identity. Likewise, we would not put much faith in certifications made by
someone who used that criterion for verification. But PGP users are free to
use whatever means they like in "verifying" identities.

The problem I see in "V Alex Brennen's" announcement is that he is
requiring photo-ID for a key signing party. The *only* function a key
signing party serves is to facilitate the pairing of keys (by their
fingerprints) with bodies (either individuals, or organizations
represented by the proper individuals). The key signing party organizer's
responsibility ends there. He should not be dictating key signing policy
to the end users.

Picture IDs are just one of many methods of determining identity, and as
Tim points out, a poor one, and useless for pseudonyms.

In the case of a conference or other gathering of strangers where a large
key signing party is planned, it is my recommendation that, rather than
each individual signing keys of other conference attendees (unless there
is an existing trust relationship between individual attendees), the
conference organizers create a conference signing key with which to sign
attendees' keys. This provides information about the key (it was presented
at such-and-such a conference by a person calling himself so-and-so) and
also clearly defines the limits of this information. Users can later take
that into account when evaluating whether or not to "trust" the signed key.

(Many of us will find this certification useless, and others will find it
undesirable for the information it leaks about us. Which is why key
signings are voluntary.)


-MW-
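As an added illustration (not part of this post, and not PGP or GnuPG code) of the point that every user is his own CA and applies his own policy to the same public certifications: a toy Python model of PGP-style key validity, using GnuPG's classic trust-model default thresholds. The keys, signatures and the two users' policies (Alice and Dave, plus a constructed conference key "conf2001") are invented for the example.

```python
"""Toy model of PGP-style Web of Trust validity: one shared set of
certifications, evaluated under each user's private owner-trust policy.
Thresholds are GnuPG's classic-model defaults (constructed example)."""
from enum import IntEnum

class OwnerTrust(IntEnum):
    UNKNOWN = 0    # no opinion about this introducer
    NEVER = 1      # never count this introducer's certifications
    MARGINAL = 2   # count, but several such certifications are needed
    FULL = 3       # one such certification is enough
    ULTIMATE = 4   # the evaluating user's own key

MARGINALS_NEEDED = 3   # GnuPG default --marginals-needed
COMPLETES_NEEDED = 1   # GnuPG default --completes-needed
MAX_CERT_DEPTH = 5     # GnuPG default --max-cert-depth

def key_validity(keyid, sigs, trust, depth=0):
    """Validity ('full', 'marginal' or 'unknown') of keyid for the user whose
    owner-trust assignments are in `trust`. `sigs` maps key -> set of keys
    that certified it and is the same for everyone; only `trust` differs."""
    if trust.get(keyid) == OwnerTrust.ULTIMATE:
        return "full"
    if depth >= MAX_CERT_DEPTH:
        return "unknown"
    full = marginal = 0
    for signer in sigs.get(keyid, set()):
        t = trust.get(signer, OwnerTrust.UNKNOWN)
        # An introducer only counts if we trust him AND his own key is
        # fully valid to us (otherwise anyone could mint a "trusted" key).
        if t < OwnerTrust.MARGINAL or \
                key_validity(signer, sigs, trust, depth + 1) != "full":
            continue
        if t >= OwnerTrust.FULL:
            full += 1
        else:
            marginal += 1
    if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
        return "full"
    return "marginal" if (full or marginal) else "unknown"

# Constructed certifications: the conference key, bob and carol all
# certified "lucky"; alice and dave each certified bob and carol in person.
SIGS = {"lucky": {"conf2001", "bob", "carol"},
        "bob": {"alice", "dave"}, "carol": {"alice", "dave"}}
# Alice's policy: the conference signature is informational, bob is trusted.
ALICE = {"alice": OwnerTrust.ULTIMATE, "conf2001": OwnerTrust.MARGINAL,
         "bob": OwnerTrust.FULL, "carol": OwnerTrust.MARGINAL}
# Dave's policy: a photo-ID conference signature counts for nothing.
DAVE = {"dave": OwnerTrust.ULTIMATE, "conf2001": OwnerTrust.NEVER,
        "bob": OwnerTrust.MARGINAL, "carol": OwnerTrust.MARGINAL}
```

The same three certifications on "lucky" yield full validity for Alice and only marginal validity for Dave, and the conference key itself stays unknown to Alice because nobody she trusts has certified it.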
