[Freedombox-discuss] Would you sign a key with a pseudonymous keyholder name?

[Jonas Smedegaard]

On 12-07-19 at 02:09pm, Fifty Four wrote:
> So, under what conditions would you give a Level 3 signing to a 
> pseudonymous name on a key? I assume a Level 3 signing means Full 
> validity?

Policies for keysigning is bound to the communities that use them.  For 
Debian the purpose of keysigning is to ensure linkage between digital 
identity with a physical and legal identity: a passport is a strong 
identifier there and pseudonyms are pretty much by definition going 
against the very purpose of the aim for keysigning there.  It would in 
that context require some alternative strong measure of tying a virtual 
person to a legal/physical person - and I am not sure I would ever sign 
a pseudonym key for the context of Debian.

I can easily imagine getting involved in a different community where the 
purpose of keysigning would be to tie to virtual identities strongly 
together - independent from - or perhaps even actively separated from - 
physical or legal ones: a passport is a much weaker or even bad 
identifier there.

As I understand it, the "levels" I assing to a signature are for my own 
private bookkeeping, not part of the signature so not published if the 
signature gets published, so levels are less of a concern here (only 
relevant for revealing you if our enemy got access to private parts of 
my GPG key, which would have much worse uses than read "rankings" of 
signatures issued by me.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120719/52e12481/attachment.pgp>