Call me crazy, but ...

Стефан Васильев stefan.vasilev at posteo.ru
Wed Jul 14 20:49:10 CEST 2021


Andrew Gallagher wrote:
>> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users 
>> <gnupg-users at gnupg.org> wrote:
>> 
>> Viktor wrote:
>> 
>>> It's the same as putting any other public information in public key
>>> certificate. You can put first and last name, email address and even
>>> photo of another person.
>> 
>> But this information can be digitally verified and is issued EU wide 
>> by
>> Governemnt trusted sources in this field.
> 
> But this puts logical causality the wrong way around. Just because the
> thing *being signed* is genuine, does not prove that the thing *doing
> the signing* is genuine.
> 
> IMO this proposal is abuse of the public key infrastructure. If you
> want to sign an ID document, just sign an ID document and distribute
> it through other channels. Attaching it as a signed packet to a key
> adds zero value, at nonzero cost.

What abuse do you see here, if I may ask? I see it as an non-public 
option
among virtual GnuPG friends to include in a duplicate certified data, 
which
is not meant to been distributed on keyservers etc. or made public to
the world and acts for two pub keys comparison.

Regards
Stefan



More information about the Gnupg-users mailing list