[Herts] Re: Key signing

[Andrew Benham]

Steve Clark wrote:

 > For the actual signing you just need to bring printouts of your key
 > signature and some form of identification e.g. passport or photo
 > driving
 > licence. Those willing to sign your key can check your identity and
 > sign
 > it at their leisure before re-uploading it to the keyservers.
 > For the actual signing you just need to bring printouts of your key
 > signature and some form of identification e.g. passport or photo
 > driving
 > licence. Those willing to sign your key can check your identity and
 > sign
 > it at their leisure before re-uploading it to the keyservers.

If there's going to be *useful* key-signing, please remember that one of 
the most useful pieces of data you're signing is the email address(es) 
in the key.
For a fair amount of electronic communication, you may not care what is 
written on my birth certificate, just that you can be sure that you are 
still electronically communicating with the same 'me' as last month.

I work for a well-known UK ISP. We won't sign a key without, after other
identity checks, we can prove to ourselves that we can send a secret to
the email address in the key, encrypted with that key; and receive the
secret back in an email reply, signed with that key, from that email 
address.

Otherwise I can turn up with my passport, driving licence, Tufty Club
membership certificate, etc. and have you sign the key for a different
Andrew Benham.

-- 
Andrew Benham         adsb at adsb.co.uk
Southgate, London N14, United Kingdom

The gates in my computer are AND OR and NOT, not "Bill"