[kwlug-disc] Generating and using PGP keys

Chris Frey cdfrey at foursquare.net
Fri Feb 20 15:33:54 EST 2009


On Fri, Feb 20, 2009 at 09:35:01AM -0500, Adam Glauser wrote:
> Chris Frey wrote:
> >For me, I already know
> >you, so I'd just want to make sure you haven't been
> >using an alias all this time. :-)
> 
> Actually, would it really matter?  For many purposes, it is enough to 
> know that the person you call Brent is the same person that is claiming 
> to be the person you know as Brent in emails to this list.
> 
> The kinds of situations where this distinction might be important are 
> communities where both reputation and anonymity are paramount.  Two 
> examples I can think of are human rights organizing and filesharing 
> release groups (without implying moral similarity).

It depends what statement you are making with your act of signing the key.
If your signature represents your best effort at something "as good as
physical ID", then it makes sense to check that ID first.  I think there
are a lot of people that make that assumption about key signing.

But I agree that it is not necessary depending on the situation.

I wonder if it is possible to attach a note to key signatures specifying
what you mean by that signature.  I think there are already levels
of signing, but it's been a while since I've signed a key.

- Chris





More information about the kwlug-disc mailing list