User attributes and audio IDs (was: Trouble signing)

Richard Laager rlaager@wiktel.com
Sat May 17 05:50:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Carrera wrote:
> Then again, I guess that what ever you put on the JPEG becomes public 
> data and anyone can copy those and put them on a fake 
> signature.  So, on a 
> second thought, the photo ID doesn't seem to have much security use.

Well, it does provide a little security. If I found a key with a photo ID
with a valid self-signature and met the key's purported owner at a
keysigning, he or she had better look something like the photo. In other
words, if the key's real owner (the owner of the private key that made the
self-sig on the photo) claims to be the person in a certain picture, then
nobody who can't be the person in the picture should claim to be the key's
owner.

Also, while I'm on the topic of keysignings and photo IDs, the photo IDs
are handy if you make plans to meet someone in a public place for a
keysigning. If you have their key in advance and it has a photo ID, you can
tell who to look for! :-)

Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

iQA/AwUBPsWxqG31OrleHxvOEQIaRwCg/s9/rKMHJl3lpLK2xWbjKyRcLmwAnR9E
Udw/XODdzkw89AiPhKoBRdwM
=Z5EL
-----END PGP SIGNATURE-----