Weaving a PGP Web of trust..proposal? comments? (fwd)
Robert Guerra
Robert Guerra <rguerra at geocities.com>
Sun, 16 Aug 1998 17:41:01 -0400
---------- Forwarded Message ----------
Date: Sun, Aug 16, 1998 5:34 PM -0400
From: Robert Guerra <az096@freenet.toronto.on.ca>
To: yashy-hack@bassclef.achilles.net, PGP-Users
<pgp-users@joshua.rivertown.net>
Subject: [yashy] Re: Weaving a PGP Web of trust..proposal? comments?
>
> --On Sun, Aug 16, 1998 9:14 PM +0200 Terje Elde <delta@mail-me.com> =
wrote:
>
>>
>> While I usually thinks of the PGP concept as brilliant there are a few
>> things that really bites. First of all, it's so hard to verify who =
people
>> are if you are in different parts of the world. Normally you'd just =
call
>> the person, or visit them, but if one is 20 000km apart and doesn't =
know
>> how the other persons voice sounds like you have a bit of a problem.
>>
>> What I really wonders is, have anyone looked into the subject of remote
>> authentification?? I know there's some government office where you can
>> get a verification of your (paper-)signature or something like that.
>>
>> I'm totally lost on this one... Anyone out there have an idea or two on
>> how I can figure out who I'm dealing with?
>>
>
> Though it's probably costly..here's a possible way in which "A" could
> verify "B"
> (which could probably be held as binding in court)
>
> 1. "A" goes to his local notary public (or barister/solicitor/lawyer) =
and
> gets
> a notarized statement saying that "A" has proven himself to be who he =
says
> he is and is the owner of a given PGP key (with a given PGP ID &
> Fingerprint).
>
> 2. "A" then takes this document to the appropiate state or provincial
> authority which notarizes (checks out) that the notary in step 1 is
> licensed in a given area to take notarized statements. (This in essence
> verifies that the document from step 1. s in fact a legally binding
> document where "A" lives)
>
> 3. "A" then takes the documents from notarized (by notary public &
> state/govt. office) and takes it to the "B"'s consulate/embassy.
> (ie. If I want to send my canadian documents to a fellow in spain.. I
> would take my notarized documents to the nearest Spanish Consulate or
> Embassy)
>
> I would then ask the consulate/embassy to notarize the document(s) (from
> step 1-2). This would then make the documents legally binding in "B"=B4s
> country.
>
> 4. I would then send the collection of documents to "B" via
> certitified/registered post.
>
> 5. "B" upon recieving the documents from "A" would have a legal document
> stating that the PGP keys "A" states are "his/hers" have been duley
> legally notarized and registered.
>
> 6. Would then check "B"'s ID & fingerprint (with the ones on the
> keyservers) ..if they match..(hopefully they will)...then one could
> sign...
>
> This is a paperwork intensive method..but it leaves out "middle men" and
> Certification authorities.
>
> It would be great if we could create:
>
> a FAQ which would state how to do this in easy to follow steps.
>
> This would create some sort of "long-distance" key signing method which
> might be acceptible even to the doubters...
>
> regards
>
> robert
>
>
Comments/suggestions?
--=7F
Robert Guerra - Email-> mailto:az096@freenet.toronto.on.ca ICQ #10266626
Home Page-> http://www.geocities.com/CapitolHill/3378
PGPKeys available on WWW Page & via finger://rguerra@flare.dynip.com