key-signing for pseudonyms

Thomas Sjögren thomas at
Sat May 15 14:05:47 CEST 2004

On Sat, May 15, 2004 at 02:05:43AM -0400, Atom 'Smasher' wrote:
> what happens, though, when one uses a pseudonym, alias, or "hacker name"
> as the name in their pgp key? if one is at a key-signing party, or just a
> room full of pgp users, how does one "prove" that identity?

to be honest, i wouldnt sign a key with a pseudonym unless i've known
the person for some time.
one option, however, could be to use another factor of identification
besids passports etc:

. i send him/her a random string
. i recieve a random string from him/her
. we verify the random strings when we meet.

but it's of course up to you if you think this procedure is acceptable.

> how much of the verification relies on control of an email address and
> key, vs how much depends on verifying the name of the person? 

the key fingerprint has the highest priority, then name (with the help of an photo-id).

> would a
> photo in the key add credibility?

if you use a pseudonym, why attach a photo? doesnt that break the idea
of pseudonyms?

but yes, in general i'd say it adds , maybe not credibility, but quick
way for identification.

== thomas at | thomas at
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040515/9df4c4c0/attachment-0001.bin

More information about the Gnupg-users mailing list