On Sep 6, 2013, at 6:42 PM, Joe Touch <touch@xxxxxxx> wrote: > I've noted elsewhere that the current typical key-signing party methods are very weak. You should sign only the keys of those who you know well enough to claim you can attest to their identity. This is a ridiculously high bar. The bar should be about at the level of a facebook friend request. The PGP key signing model of attesting to legal identities is solving the wrong problem. But you are right that we can't require this sort of thing in order for people to participate in the IETF.