Including public key
expires2011 at ymail.com
Sat Jul 30 02:03:04 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 28 July 2011 at 4:22:52 PM, in
<mid:4E317ECC.1060107 at freenet.edmonton.ab.ca>, Jay Litwyn wrote:
> Do not sign my photo until you see me in person,
OK, fair enough. If the key has WoT signatures from people I trust to
have such a policy. But in the case of the OP's key with only
self-signatures, the inclusion of a photo would do nothing to reassure
> although it would be tricky to fake photo-id production
> on skype. Photo-id doesn't make very good single
> frames, but change the angle on television and those
> chrome things flicker and move...
OK, use a TV projector and point your webcam at the screen.
>> A phone number would only help if the person ringing
>> it knew you well enough to recognise your voice on the
>> phone. Even then, somebody could record your voice
>> and use it create an answerphone message...
> That is what a signed mp3 in my comment is about,
Signed with the key, and somebody who knows you could recognise your
voice if they play the file. Arguably, "Mallory" could make recordings
of your voice and use them to create such a file and sign it with
their fake key.
> just in case you do not follow links in message source
> [comments] very often...
Like almost never. (-;
> (I will never call it a thumbprint or a fingerprint; key hash)
Why not? Using the standard term of "Fingerprint" rather than
"Keyprint_Biometric" might lead more people to understand what the
file was likely to be.
> Additionally, you can do a reverse lookup on my phone
I could possibly pay somebody with law enforcement connections to do
> and at least see if I am lying about my given
> and family names, according to a corporation that my
> library used to verify my identity.
Assuming the phone is billed to you personally, and that you gave your
real name when setting up the service.
I once had a library check on my phone number, by getting out the
phone book and finding my surname and address and comparing the number
listed to the one I gave them. (That was when I was in my teens and
lived with my parents, so the initial would not have matched my first
> My bottom line is that photos and phone numbers do not
Depends on the user's privacy requirements and threat model.
MFPA mailto:expires2011 at ymail.com
He's an environmentalist - his arguments are 100% recycled
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users