key-signing for pseudonyms
linux at codehelp.co.uk
Sat May 15 14:41:47 CEST 2004
On Saturday 15 May 2004 7:05, Atom 'Smasher' wrote:
> what happens, though, when one uses a pseudonym, alias, or "hacker name"
> as the name in their pgp key? if one is at a key-signing party, or just a
> room full of pgp users, how does one "prove" that identity?
If you don't correspond with that person in an environment where that alias or
nickname is regularly used, don't sign that UID. There is no other reliable
method of verification. When you verify the key face-to-face, you can always
ask about the nickname, where it's used and verify it later before actually
signing the key.
> how much of the verification relies on control of an email address and
> key, vs how much depends on verifying the name of the person? would a
> photo in the key add credibility?
No, IIRC, we've had this discussion about photo ID's before - IMHO, photo
UID's are of use when you are hoping to meet someone for the first time
because they help you find each other at the pub/event. However, the photo ID
would need to be verified face-to-face when most people would want to see
separate photo ID like a passport anyway. It would be helpful to sign the
photo UID when you have verified a passport face-to-face, I suppose (for
others to know that it has been checked), but I can't see much more use than
that. I certainly don't think that a photo UID has any effect on the
credibility of the rest of the key simply as a photo.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20040515/b9445cf1/attachment.bin
More information about the Gnupg-users