Signing photo IDs (was Re: SHA-1 recommendations)
David Shaw
dshaw at jabberwocky.com
Mon May 18 19:09:48 CEST 2009
(Split off from the earlier thread, as the topic has drifted)
On May 18, 2009, at 11:14 AM, Daniel Kahn Gillmor wrote:
>> Incidentally, I don't sign photo IDs. It has nothing to do with this
>> theoretical attack - a photo ID does not make a statement that I am
>> willing to certify.
>
> I've always assumed that a User Attribute of a jpeg is semantically
> interpreted as a visual representation of the keyholder, by analogy to
> the photo in a passport, driver's license, or other official
> documentation. It basically says "<so-and-so> looks like this:".
> This
> can change a fair amount (hair changes, age, accidents, body
> modifications, odd lighting, etc make images far more fluid than UTF-8
> name designations), so I can understand not being willing to make a
> long-lived certification like this. But i don't think it invalidates
> the concept.
I'm not saying the concept is invalid. Just that I personally don't
find it compelling enough to sign.
A user ID string says at least two useful things about the keyholder:
a) their real-world name, and b) how they can be reached (i.e. their
email). Many people don't bother to check (b), which I find silly -
taking some non-zero effort to verify the first half of the user ID
(by looking at drivers licenses, etc) but no effort at all to check
the second half? A photo is a different sort of thing altogether.
While a name+email makes a reasonably strong binding between a real
person and a key, a photo doesn't. That would be certifying them (and
in practice making their key become valid) because I think they
resemble a photo.
> (as an aside, this does make me particularly wary of people who sign
> photo IDs like the one attached to F1530A35)
Maybe he really does look like that...
David
More information about the Gnupg-devel
mailing list