User attributes and audio IDs (was: Trouble signing)
David Shaw
dshaw@jabberwocky.com
Sat May 17 06:16:02 2003
--J2SCkAp4GZ/dPZZf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, May 16, 2003 at 10:37:50PM -0400, Daniel Carrera wrote:
> > Then again, it could be argued that photo ID is just a cool trick also.=
=20
> > Since you can't actually select a key via a photo ID, it isn't really a=
=20
> > good user ID.
>=20
> I thought that the photo IDs helped to verify the authencity of the perso=
n=20
> (assuming that you have another means of knowing what they look like). O=
r=20
> perhaps you could post something else about you, like a JPEG of your=20
> (real, not digital) fingerprints.
>=20
> Then again, I guess that what ever you put on the JPEG becomes public=20
> data and anyone can copy those and put them on a fake signature. So, on =
a=20
> second thought, the photo ID doesn't seem to have much security use.
It's useful to determine that the key owner is really the person you
met at a keysigning party. You can actually sign photo IDs just like
any other user ID, so if you trust the signers, then theoretically you
can trust that the person looks like that.
David
--J2SCkAp4GZ/dPZZf
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+xbfA4mZch0nhy8kRAmraAJ9exGbpOCVnqF/fzeh3t6cmeXRKGgCgjnw6
a62Ry/HfgpLzMoTbRX1gPwc=
=a/ml
-----END PGP SIGNATURE-----
--J2SCkAp4GZ/dPZZf--