[Freedombox-discuss] Would you sign a key with a pseudonymous keyholder name?

[bertagaz at ptitcanardnoir.org]

On Thu, Jul 19, 2012 at 10:25:05AM +0200, Jonas Smedegaard wrote:
> On 12-07-19 at 02:09pm, Fifty Four wrote:
> > So, under what conditions would you give a Level 3 signing to a 
> > pseudonymous name on a key? I assume a Level 3 signing means Full 
> > validity?
> 
> Policies for keysigning is bound to the communities that use them.  For 
> Debian the purpose of keysigning is to ensure linkage between digital 
> identity with a physical and legal identity: a passport is a strong 
> identifier there and pseudonyms are pretty much by definition going 
> against the very purpose of the aim for keysigning there.

Well, it's not that easy to assert that passports are strong identifiers.

It's a misconception that has been spread by the usual keysigning party
policy, but that isn't that meaningful IMO.

You can easily buy some forged one on some markets.

I don't think it's too complicated for some people working for gov
agencies to get a false passport and hijack an identity.

In the end it all depends on your ability to recognize a "real" passport
from a "false" one, which is not something most people do really know nor
take care when they use them to identify someone.

When you sign a key, you don't really verify an ID, only that the people
you meet are the one that possess the private key.

There are more meaningful ways to ensure someone is the keyholder, by
spending time with him/her, verifying s/he knows details of your online
relationship, building trust, and eventually finding people that can
vounch him/her. And then, there aren't that much differences to sign a
pseudonymous key or state ID one.

bert.