LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

On keys, trust, and webs

On keys, trust, and webs

Posted Oct 6, 2011 16:22 UTC (Thu) by iabervon (subscriber, #722)
Parent article: On keys, trust, and webs

For what it's worth, I actually know someone with a passport that says "Andrew Morton" who isn't a trusted kernel developer. He just happens to have the same, not too uncommon, name. The problem with checking government-issued ID is that the government doesn't identify any unique aspects suitable for recognizing them for development purposes.

(Log in to post comments)

On keys, trust, and webs

Posted Oct 6, 2011 20:19 UTC (Thu) by droundy (subscriber, #4559) [Link]

The combination of name with email address, however, is usually unique. In cases of doubt, it's usually not hard to check that a person can receive an email sent to the address they claim. Of course, if this isn't actually done, then it does add a factor of doubt to key-signing parties. In many cases (where people already know each other online) it isn't hard to establish that the email address corresponds to the person.

On keys, trust, and webs

Posted Oct 6, 2011 20:39 UTC (Thu) by liw (subscriber, #6379) [Link]

For verifying that a key and it's e-mail address belong together, the caff tool is useful: http://pgp-tools.alioth.debian.org/

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds