Call me crazy, but ...

Viktor ageyev at
Wed Jul 14 16:23:42 CEST 2021

It's the same as putting any other public information in public key 
certificate. You can put first and last name, email address and even 
photo of another person.

In general: unless we have other trusted person to verify that public 
key belongs to certain person, we can not ensure key owner identity 
before we have some transactions signed with this key.

And we should not only trust person that has verified public key 
certificate, we should also know and trust the procedure this person 
used to verify public key certificate. And this is very important if 
there is a dispute, say about a signed contract.

This was the flaw in pgp's web of trust: verification procedures were 
not known.

Best regards,
Viktor Ageyev

On 14/07/2021 15:45, Стефан Васильев via Gnupg-users wrote:
> if a person, within the EU, would put his COVID vaccination certificate 
> QR-Code
> in his pub-key as photo-ID I would say that than another GnuPG user, within
> the EU, or maybe later in the U.S. and elsewhere too, would have the 
> assurance,
> without that the public key is otherwise signed, that this pub key 
> belongs to that
> person.
> On GitHub is a decoder available, which allows users to verify the 
> digital signature
> of such COVID certs, with trustlists from EU member states.
> Regards
> Stefan
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list