Photo ID Display Behavior

Richard Laager rlaager@wiktel.com
Sun May 11 04:45:03 2003


Using version 1.2.1 of GPG, I discovered the following behavior: If a
key has multiple photo IDs, all will be displayed when doing a
"showphoto". This seems appropriate. However, the photo IDs are
displayed even if the self-signature on the photo ID is revoked. I
didn't test it, but all the evidence seems to suggest that the photo ID
would be displayed if the self-signature was absent or expired. I
believe this is the current intended behavior. PGP (only tested with
6.5.8ckt) displays all photo IDs in a scrolling list, even those that
are revoked, etc.

I'd like to suggest that the behavior be modified. Just as revoked user
IDs are hidden when doing a gpg --list-key, I suggest that only photo
IDs with a valid* self-signature be displayed. The advantage to doing so
would be that a user could replace his/her photo ID every so often, just
as a photo on a passport** is replaced every 10 years or so. By either
revoking or letting the self-signatures on old photos expire, the user
could have a current photo displayed with his/her key. The old photos
would simply be hidden, without having to be deleted.

* By valid, I mean an unrevoked, cryptographically valid signature with
a creation time in the past, and an expiration date in the future.

** I realize the major flaw in this analogy. Passports are reissued with
new photos. :-)

Richard Laager
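An added illustration of the selection rule proposed in this post (not code from GnuPG or from the poster): the footnote's definition of a "valid" self-signature, applied to a constructed set of photo IDs whose self-signatures are revoked, expired, current, or not yet in effect, so that only the current photo is shown while the old ones stay on the key.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class SelfSig:
    """State of the self-signature binding a photo ID to the key (constructed model)."""
    created: datetime
    expires: Optional[datetime]      # None means the signature never expires
    revoked: bool = False
    crypto_valid: bool = True        # outcome of signature verification, assumed done elsewhere


@dataclass
class PhotoID:
    label: str
    self_sig: SelfSig


def sig_is_valid(sig: SelfSig, now: datetime) -> bool:
    """Unrevoked, cryptographically valid, created in the past, not yet expired."""
    if sig.revoked or not sig.crypto_valid:
        return False
    if sig.created > now:
        return False
    if sig.expires is not None and sig.expires <= now:
        return False
    return True


def photos_to_show(photos: List[PhotoID], now: datetime) -> List[str]:
    """Proposed behaviour: display only photo IDs carrying a valid self-signature."""
    return [p.label for p in photos if sig_is_valid(p.self_sig, now)]


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample key: one photo per state, viewed on the date of the post.
NOW = _utc(2003, 5, 11)
SAMPLE_PHOTOS = [
    PhotoID("photo-1998", SelfSig(_utc(1998, 1, 1), None, revoked=True)),
    PhotoID("photo-2000", SelfSig(_utc(2000, 1, 1), _utc(2003, 1, 1))),   # expired
    PhotoID("photo-2002", SelfSig(_utc(2002, 6, 1), _utc(2005, 6, 1))),   # current
    PhotoID("photo-2004", SelfSig(_utc(2004, 1, 1), None)),               # not yet in effect
]

if __name__ == "__main__":
    print("shown:", photos_to_show(SAMPLE_PHOTOS, NOW))   # shown: ['photo-2002']
```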