User attributes and audio IDs (was: Trouble signing)
Sat May 17 06:16:02 2003
Content-Type: text/plain; charset=us-ascii
On Fri, May 16, 2003 at 10:37:50PM -0400, Daniel Carrera wrote:
> > Then again, it could be argued that photo ID is just a cool trick also.=
> > Since you can't actually select a key via a photo ID, it isn't really a=
> > good user ID.
> I thought that the photo IDs helped to verify the authencity of the perso=
> (assuming that you have another means of knowing what they look like). O=
> perhaps you could post something else about you, like a JPEG of your=20
> (real, not digital) fingerprints.
> Then again, I guess that what ever you put on the JPEG becomes public=20
> data and anyone can copy those and put them on a fake signature. So, on =
> second thought, the photo ID doesn't seem to have much security use.
It's useful to determine that the key owner is really the person you
met at a keysigning party. You can actually sign photo IDs just like
any other user ID, so if you trust the signers, then theoretically you
can trust that the person looks like that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
-----END PGP SIGNATURE-----