key-signing for pseudonyms
atom-gpg at suspicious.org
Mon May 17 15:53:48 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 17 May 2004, Adrian 'Dagurashibanipal' von Bidder wrote:

> On Saturday 15 May 2004 08.05, Atom 'Smasher' wrote:
> > what happens, though, when one uses a pseudonym, alias, or "hacker
> > name" as the name in their pgp key?
>
> My policy is: I only sign
> - photo ids where the photo matches the person
> - userids with full name
> everything else doesn't really make sense for general keysignings.

i've got 2 UIDs. if i add a photo (and we met in person), would you sign
all UIDs, or just the photo? what are the variables one might consider?

> There may be exceptions, these are considered on a case-by-case basis.

any examples of what those special cases might involve?

On Mon, 17 May 2004, Kyle Hasselbacher wrote:

> On Sat, May 15, 2004 at 12:25:11PM -0400, Atom 'Smasher' wrote:
> >let's say i meet someone and their key-name is a pseudonym. we want to
> >sign each others' keys, but i have no idea who this person is.
> >[protocol] when the signature appears publicly, can
> >there be much doubt that i'm dealing with the same person i met?
>
> J. Random Celebrity wants anonymity. Celebrity sends J. Random Flunky to
> meet you with the right fingerprint. Later, Flunky gives Celebrity the
> "secret" you generated with Flunky in person. In this scenario, you've
> been duped into signing a key that belongs to someone you never met.

the good old man-in-the-middle.... can this be resolved with a photo? of
course, a celebrity can use a double to participate in the meeting...

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"Who controls the past controls the future.
Who controls the present controls the past."
-- George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----