Photo-ID: questions

Atom 'Smasher' atom-gpg at suspicious.org
Fri Feb 20 17:58:20 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 3. In addition to my portrait, I have included the jpeg of my
> handwritten signature into my key (e.g. to provide a means to
> validate my signature on paper documents, provided you have a
> trusted copy of my GPG key). Is this a reasonable thing to do or is
> it complete nonsense? Do I miss any security issue here, or does
> this contradict the intended use of photo IDs? Again, anybody could
> have scanned my signature from any paper document that I have
> signed, so this, too, does serve as an authentication feature).
============================

one could also scan in their social security card, drivers license, work
id, etc... although these are all used to "prove" identity i think that
their inclusion in a public key would only makes it easier for the
information to be abused, just like a handwritten signature.

when signing keys, the important thing is that one has verified the
fingerprint(s) through secure channels... secure channels could mean
meeting for hot/cold beverages, a phone call between two (or more) people
who recognize each others voices, etc.

i don't use a GUI for any gpg/pgp interaction, so you could include a
picture of your dog and it wouldn't mean anything to me.


	...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"Religion is what keeps the poor from murdering the rich."
		-- Napoleon Bonaparte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iD8DBQFANpEQnCgLvz19QeMRAspfAKCdHTsRaFu5/nvGseF+iF+J1Si1lgCeNRfh
EYf/A8UivziU++n8jqrY8kc=
=/Hy4
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list