On Sep 6, 2013, at 6:42 PM, Joe Touch <touch(_at_)isi(_dot_)edu> wrote:
I've noted elsewhere that the current typical key-signing party methods are
very weak. You should sign only the keys of those who you know well enough to
claim you can attest to their identity.
This is a ridiculously high bar. The bar should be about at the level of a
facebook friend request. The PGP key signing model of attesting to legal
identities is solving the wrong problem. But you are right that we can't
require this sort of thing in order for people to participate in the IETF.