FST virtual key signing party on 2015-11-12

[Eric Christensen]

On Thursday, November 05, 2015 11:45:44 AM David Cafaro wrote:
> In an in person meeting you generally have some control over if your id
> is being recorded, and have some idea of visual access to it.  For
> example showing an ID while purchasing alcohol, you can see if the clerk
> is holding a camera, and if/where the security cameras are likely
> recording.  You can also hold your ID in such a manner to reduce the
> risk of camera recording while not blocking the ID from the sight of the
> checker.

Or maybe the person has an eidetic memory[0]?

> Given that we all could pretty easily forge an ID to show over a video
> camera, showing a real redacted ID probably doesn't make it any
> more/less valid.  But, as you said, it's up to others to determine trust

After talking with my wife (the attorney) I came to the conclusion of this:

I'm matching the person with the picture, the picture with the name (on the 
ID), the name with the name on the key, the key with the email address, and 
then the person's ability to apply the signature to their key after receiving 
the email (they have control of the email account) and decrypting the message 
(they have control of the key).  I don't really care about the address, the ID 
number, or the date of birth although they all go with validating the ID.

One day I'm going to get all this down on paper and publish my thoughts on 
what identity really is.  This discussion will likely be a part of that effort.

[0] https://en.wikipedia.org/wiki/Eidetic_memory

--Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/security-team/attachments/20151105/c954dff1/attachment.sig>