Including public key

Jay Litwyn brewhaha at freenet.edmonton.ab.ca
Thu Jul 28 20:15:16 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----

On 2011-07-28 10:08 AM, Melvin Carvalho wrote:
> On 28 July 2011 16:01, MFPA <expires2011 at ymail.com> wrote: Hi
> 
> 
> On Thursday 28 July 2011 at 12:53:41 PM, in 
> <mid:4E314DC5.4000507 at freenet.edmonton.ab.ca>, Jay Litwyn wrote:
> 
>>>> Attaching a photo to your public key might help. So might
>>>> putting a phone number on your public key.
> 
> I'm not too convinced a photo would help much. I could create a key
> and include a photo obtained from the internet...
> 
> A phone number would only help if the person ringing it knew you
> well enough to recognise your voice on the phone. Even then, somebody
> could record your voice and use it create an answerphone message...
> 
>> It's now possible to put a photo, phone number etc on your home
>> page, and also put your public key there.
> 
>> That's what I do.  For this I use my OpenPGP key together with some
>> HTML5.

The only reason I am not using HTML5, yet, iz because it requires
knowing CSS to set link, vlink, and alink colours. What you are talking
about only requires HTML 3.2 (which haz been a standard for ten years,
and even now there is a portion of internet traffic from I.E.6.), which
supports colour in body tags, while HTML5 does not; yet another
"standard" that is not backward compatible.

Not recognizing a public key from "stamper" is being not backward
compatible.

A signed photo means a *bit more* than photos on facebook. A signed
phone number means a *bit more* than a link to your phone company. That
is especially true when three identifiers are linked to the same key,
separately, so that you don't need to know all four (voice, name, face,
and e-mail address), and so that you can let other people confirm only
what they've experienced, az in perhaps they should not feel qualified
to sign my given and family names, yet they're confident of my e-mail
address.

In my case, that iz likely, because I yuuz only screen names on USENET.
The bit more is potential for privacy, and insulation against "identity
theft". Someone could simply copy your web site and change a few things
to steal your identity, at least until you found out and complained to
their ISP.

That's why "void" appears in my public key. Neither PGP 10, nor gpg
were going to allow me to leave my given and family names blank;
separate, and yet _linked_ elements of identification.

> 
>> It's quite a new system, but supported by the W3C and on it's way
>> to becoming a standard. For more info see the video at: 
>> http://webid.info/

Like I said, it is more authentic and therefore more useful when pieces
of your identity are linked in dijital signatures. It would be a bit
tricky to do that with HTML. You could do it with PDF, because there iz
a standard for signatures (and probably compound signatures) on PDF.
There isn't one for HTML, AFAIK, that doesn't require s/mime or some
complicated and little-used piece of HTTPS or HTTPD.
_______
Line for Darth Vader in Star Wars to sanitize:
"(Exhale, Inhale) Luke, you are my bastard!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBTjGnFR47apzXdID2AQEoCwP9EVxC4OeoqZ4wIQvKHwMRezh8ytLQYEo9
pTfbjuE3zwqzge+Aj9U2OjgKSfWq3GFYmQ59QBMNUtaGT2pVP1n3RIFsuYEr+1XY
cem6oL0cyMT8X0e198J7sy9bC//TD8NaEkPOW5p1D8YzeFuKOSc2LeHuyCjnU4Ox
I+9YK8TtA2s=
=q4aO
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list