User attributes and audio IDs (was: Trouble signing)

Ingo Klöcker
Sat May 17 17:34:02 2003

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Saturday 17 May 2003 06:10, David Shaw wrote:
> On Fri, May 16, 2003 at 07:49:37PM -0500, Richard Laager wrote:
> > David Shaw wrote:
> > > Yes.  It doesn't lower security (it's just a different sort of
> > > ID), but I can't think of any really good uses for it except the
> > > coolness factor.  Then again, it could be argued that photo ID is
> > > just a cool trick also.  Since you can't actually select a key
> > > via a photo ID, it isn't really a good user ID.
> >
> > There's no reason you couldn't select a key by a photo id in a GUI
> > environment. Simply show a bunch of photos and let the user choose.
> True, but no software exists (whether GnuPG or PGP) to do this today.
> In both cases you need to select the key in question, and then view
> the photo.  It's sort of a backwards way to select a key as normally
> the user ID is used to get to the key.  I can see photos being used
> more as a "select a key, then look at the photo to confirm it's the
> right one" rather than a "encrypt to that photo".
> It would be interesting to see a GUI that did what you suggest.  It
> could be very helpful to people who were not particularly
> crypto-savvy.

Even people how are not crypto-savvy will know the name of the person=20
they want to send an encrypted message to. But it might be useful for=20

> > Personally, I'd really like to see a keyserver interface that shows
> > things like this. I think that would be a great application of
> > photo IDs.
> I quite agree.  I think that would be a wonderful keyserver
> enhancement.  Since the photo is actually a straight JPEG with some
> OpenPGP header bytes that can be ignored, it should be fairly
> straightforward for a keyserver to feed the JPEG data back to the
> browser.

Biglumber isn't a real keyserver. But it already shows the photo ids. So=20
it doesn't seem to be that difficult.


Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)