Including public key

MFPA expires2011 at
Sat Jul 30 02:03:04 CEST 2011

Hash: SHA512


On Thursday 28 July 2011 at 4:22:52 PM, in
<mid:4E317ECC.1060107 at>, Jay Litwyn wrote:

> Do not sign my photo until you see me in person,

OK, fair enough. If the key has WoT signatures from people I trust to
have such a policy. But in the case of the OP's key with only
self-signatures, the inclusion of a photo would do nothing to reassure

> although it would be tricky to fake photo-id production
> on skype. Photo-id doesn't make very good single
> frames, but change the angle on television and those
> chrome things flicker and move...

OK, use a TV projector and point your webcam at the screen.

>> A phone number would only help if the person ringing
>> it knew you well enough to recognise your voice on the
>> phone. Even then, somebody  could record your voice
>> and use it create an answerphone message...

> That is what a signed mp3 in my comment is about,

Signed with the key, and somebody who knows you could recognise your
voice if they play the file. Arguably, "Mallory" could make recordings
of your voice and use them to create such a file and sign it with
their fake key.

> and
> just in case you do not follow links in message source
> [comments] very often...

Like almost never. (-;

> (I will never call it a thumbprint or a fingerprint; key hash)

Why not? Using the standard term of "Fingerprint" rather than
"Keyprint_Biometric" might lead more people to understand what the
file was likely to be.

> Additionally, you can do a reverse lookup on my phone
> number

I could possibly pay somebody with law enforcement connections to do

> and at least see if I am lying about my given
> and family names, according to a corporation that my
> library used to verify my identity.

Assuming the phone is billed to you personally, and that you gave your
real name when setting up the service.

I once had a library check on my phone number, by getting out the
phone book and finding my surname and address and comparing the number
listed to the one I gave them. (That was when I was in my teens and
lived with my parents, so the initial would not have matched my first

> My bottom line is that photos and phone numbers do not
> hurt.

Depends on the user's privacy requirements and threat model.

- --
Best regards

MFPA                    mailto:expires2011 at

He's an environmentalist - his arguments are 100% recycled


More information about the Gnupg-users mailing list