On Tue, Aug 13, 2013 at 10:24 AM, Brian May <brian@microcomaustralia.com.au>wrote:
On 12 August 2013 18:16, Adam Bolte <abolte@systemsaviour.com> wrote:
This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.
Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does.
[etc] I'm lost, maybe somebody can enlighten me. The "Web of trust" entry in wikipedia says: "a *web of trust* is a concept used in PGP<https://en.wikipedia.org/wiki/Pretty_Good_Privacy>, GnuPG <https://en.wikipedia.org/wiki/GNU_Privacy_Guard>, and other OpenPGP<https://en.wikipedia.org/wiki/OpenPGP>-compatible systems to establish the authenticity of the binding between a public key and *its owner*" Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner? E.g. assume that someone is involved in a OSS project under a pseudonym and very few contributors inside the project actually know the person under that pseudonym (even more, say none outside the project know the actual person). Now, that person would like to have that* pseudonym* trusted by all the project members and outside the project's contributors circle, but *without disclosing to real person identity*. Let's assume the presence at the "signing party" of one "trusted member of the web of trust" that can vouch for the one the "known by pseudonym only" participant. How does it work? Can the public key for the pseudonymous participant be "certified as trusted" at that signing party? (rephrasing the question: is a signing party a method good enough to establish a trust relationship in a "pseudonymous persona"? If not, why?) Adrian