Photo-ID: questions

Atom 'Smasher' atom-gpg at
Fri Feb 20 17:58:20 CET 2004

Hash: SHA1

> 3. In addition to my portrait, I have included the jpeg of my
> handwritten signature into my key (e.g. to provide a means to
> validate my signature on paper documents, provided you have a
> trusted copy of my GPG key). Is this a reasonable thing to do or is
> it complete nonsense? Do I miss any security issue here, or does
> this contradict the intended use of photo IDs? Again, anybody could
> have scanned my signature from any paper document that I have
> signed, so this, too, does serve as an authentication feature).

one could also scan in their social security card, drivers license, work
id, etc... although these are all used to "prove" identity i think that
their inclusion in a public key would only makes it easier for the
information to be abused, just like a handwritten signature.

when signing keys, the important thing is that one has verified the
fingerprint(s) through secure channels... secure channels could mean
meeting for hot/cold beverages, a phone call between two (or more) people
who recognize each others voices, etc.

i don't use a GUI for any gpg/pgp interaction, so you could include a
picture of your dog and it wouldn't mean anything to me.


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"Religion is what keeps the poor from murdering the rich."
		-- Napoleon Bonaparte
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -


More information about the Gnupg-users mailing list