User attributes and audio IDs (was: Trouble signing)

David Shaw dshaw@jabberwocky.com
Sat May 17 16:37:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, May 17, 2003 at 03:37:27PM +0200, Manuel Samper wrote:
> On Sat, May 17, 2003 at 01:17 CEST, David Shaw wrote:
> > On Sat, May 17, 2003 at 12:05:42AM +0200, Manuel Samper wrote:
> > > David Shaw, on Fri, May 16 2003 at 20:24, wrote:
> > > > I'd be interested to hear comments about whether people would make
> > > > good use of something like an audio ID or not.  It certainly has the
> > > > potential to make keys very very large, though perhaps that is the
> > > > problem and choice of the key holder.
> > > 
> > > If no aditional security is apported, then I prefer other enhancements
> > > in gpg rather than some funny capabilities. But who knowns how useful
> > > may become...
> > 
> > Yes.  It doesn't lower security (it's just a different sort of ID),
> > but I can't think of any really good uses for it except the coolness
> > factor.  Then again, it could be argued that photo ID is just a cool
> > trick also.  Since you can't actually select a key via a photo ID, it
> > isn't really a good user ID.
> 
> What I think would we really useful, is to allow this sort of
> "attribute" (image,audio,..) in normal user id, so you can create a
> normal uid with their real name, comment and email address _and_ attach
> some data to it (like a photo), mainly if you create a user id without
> email address, so you can collect other's people signatures here
> (obviously, no email challenge is possible) and don't worry about
> lossing it when you revoke a uid due to lossing the email address.
> 
> But AFAIK this isn't possible whitout breaking compliance with the
> standard, right?

If the standard got a "text" attribute tag, then this would be no
problem.  It's essentially the same thing we were discussing before.

Even if the standard didn't have a text attribute tag, it is possible
to use one of the experimental tags for this purpose, but of course
then only GnuPG would be able to use such user attribute IDs.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+xkkx4mZch0nhy8kRAsnYAKDiPfAfvG9Xes4F+t2xXtkqW1NZEACeNgg+
V1covwB3xuaemmvryX0NSfg=
=fHfm
-----END PGP SIGNATURE-----