Signing Digital Keys in Europe


Now is probably a good time for my rant on identification and signing digital keys. Here in Europe there is a strange phenomenon where people want to see each other’s id, such as a passport, before they sign your digital key. Furthermore they will sign someone’s key even if they don’t know that person, so long as they see their id. There was a key signing party here that I understand was basically entirely signing keys of people you don’t know.

I see that the purpose of authentication is to ensure consistency in the agent you are communicating with rather than determining “who” that agent is. Determining “who” that agent is both difficult, and unnecessary. What should happen is that you are introduced to an agent, and you get thier key then, and then you associate that key with that agent. You don’t need to know their “real name” to interact with them in an authenticated way. What ever name you call them is the name that you know them as. If you are never going to interact with them, you have no need to give them a name or sign their key.

There seems to be a fundamental difference between how North Americans and Europeans look at people’s names. In North America you can change your name just by using a different name. It is helpful to go through a legal process, but it isn’t necessary. In Europe you cannot change your name without a very good reason. I suspect the different key signing attitudes are related to this.



Russell O’Connor: contact me