Call me crazy, but ...

Andrew Gallagher andrewg at andrewg.com
Wed Jul 14 20:12:36 CEST 2021


> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> Viktor wrote:
> 
>> It's the same as putting any other public information in public key
>> certificate. You can put first and last name, email address and even
>> photo of another person.
> 
> But this information can be digitally verified and is issued EU wide by
> Governemnt trusted sources in this field.

But this puts logical causality the wrong way around. Just because the thing *being signed* is genuine, does not prove that the thing *doing the signing* is genuine.

IMO this proposal is abuse of the public key infrastructure. If you want to sign an ID document, just sign an ID document and distribute it through other channels. Attaching it as a signed packet to a key adds zero value, at nonzero cost. 

A


More information about the Gnupg-users mailing list