FST virtual key signing party on 2015-11-12

[David Cafaro]

On 11/05/2015 11:31 AM, Eric Christensen wrote:
> On Thursday, November 05, 2015 11:03:04 AM David Cafaro wrote:
>> unable to show my legal ID in such a way it could be copied and used for
>> identity theft.  I could possibly show it in a redacted form, if that
>> was acceptable (hiding key pieces of information such as, address,
>> birth, id number, etc...).
> It's an interesting thought...  I sometimes have to show my ID to purchase 
> alcohol or use my credit card and those are just random people off the street.  
> I've never had anyone redact their ID for a face-to-face keysigning party and 
> your information is just as likely to get copied there as this would be.  I do 
> agree that there is a certain amount of PII [0] on an identification but isn't 
> that what it's for (and thus what we're trying to do, identify someone?). 
In an in person meeting you generally have some control over if your id
is being recorded, and have some idea of visual access to it.  For
example showing an ID while purchasing alcohol, you can see if the clerk
is holding a camera, and if/where the security cameras are likely
recording.  You can also hold your ID in such a manner to reduce the
risk of camera recording while not blocking the ID from the sight of the
checker.

If someone asked to see my ID and were wearing google glass or other
form of camera, I would refuse.  It may mean I have to give up on the
transaction.

Does it guarantee it's protected?  No, my checks and balances can easily
be circumvented by a determined attacker ;-).

But, it does raise the bar (and put the person willing to snatch my ID
into a different legal classification if it comes to the courts) in what
is required to gather that information.

Given that we all could pretty easily forge an ID to show over a video
camera, showing a real redacted ID probably doesn't make it any
more/less valid.  But, as you said, it's up to others to determine trust
level.

Cheers,
David, the paranoid...