key-signing for pseudonyms
thomas at northernsecurity.net
Sat May 15 14:05:47 CEST 2004
On Sat, May 15, 2004 at 02:05:43AM -0400, Atom 'Smasher' wrote:
> what happens, though, when one uses a pseudonym, alias, or "hacker name"
> as the name in their pgp key? if one is at a key-signing party, or just a
> room full of pgp users, how does one "prove" that identity?
to be honest, i wouldnt sign a key with a pseudonym unless i've known
the person for some time.
one option, however, could be to use another factor of identification
besids passports etc:
. i send him/her a random string
. i recieve a random string from him/her
. we verify the random strings when we meet.
but it's of course up to you if you think this procedure is acceptable.
> how much of the verification relies on control of an email address and
> key, vs how much depends on verifying the name of the person?
the key fingerprint has the highest priority, then name (with the help of an photo-id).
> would a
> photo in the key add credibility?
if you use a pseudonym, why attach a photo? doesnt that break the idea
but yes, in general i'd say it adds , maybe not credibility, but quick
way for identification.
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040515/9df4c4c0/attachment-0001.bin
More information about the Gnupg-users