atom-gpg at suspicious.org
Fri Feb 20 17:58:20 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
> 3. In addition to my portrait, I have included the jpeg of my
> handwritten signature into my key (e.g. to provide a means to
> validate my signature on paper documents, provided you have a
> trusted copy of my GPG key). Is this a reasonable thing to do or is
> it complete nonsense? Do I miss any security issue here, or does
> this contradict the intended use of photo IDs? Again, anybody could
> have scanned my signature from any paper document that I have
> signed, so this, too, does serve as an authentication feature).
one could also scan in their social security card, drivers license, work
id, etc... although these are all used to "prove" identity i think that
their inclusion in a public key would only makes it easier for the
information to be abused, just like a handwritten signature.
when signing keys, the important thing is that one has verified the
fingerprint(s) through secure channels... secure channels could mean
meeting for hot/cold beverages, a phone call between two (or more) people
who recognize each others voices, etc.
i don't use a GUI for any gpg/pgp interaction, so you could include a
picture of your dog and it wouldn't mean anything to me.
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
"Religion is what keeps the poor from murdering the rich."
-- Napoleon Bonaparte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
More information about the Gnupg-users