FST virtual key signing party on 2015-11-12

[Eric Christensen]

On Thursday, November 05, 2015 11:03:04 AM David Cafaro wrote:
> unable to show my legal ID in such a way it could be copied and used for
> identity theft.  I could possibly show it in a redacted form, if that
> was acceptable (hiding key pieces of information such as, address,
> birth, id number, etc...).

It's an interesting thought...  I sometimes have to show my ID to purchase 
alcohol or use my credit card and those are just random people off the street.  
I've never had anyone redact their ID for a face-to-face keysigning party and 
your information is just as likely to get copied there as this would be.  I do 
agree that there is a certain amount of PII [0] on an identification but isn't 
that what it's for (and thus what we're trying to do, identify someone?). 

Ultimately, it's up to the person signing your key to determine whether or not 
the identification you provide (redacted or not) provides them with the 
warm/fuzzy feeling they need to authenticate you.  Some feel that the usage of 
a certain key over a long enough period of time authenticates the user of that 
key and the address to their ideas (who really cares who the person really 
is?).

It's up to you whether or not you want to participate and if the other people 
will accept whatever form of identification you present.  I'd be interested to 
hear what others had to say on the topic, though.

[0] https://en.wikipedia.org/wiki/Personally_identifiable_information

--Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/security-team/attachments/20151105/69e3dd11/attachment.sig>