Scripsit Gunnar Wolf <[EMAIL PROTECTED]>

> There is something, though, that I think would be a worthy addition to
> future KSPs, if we continue to hold them: Many of us have our photo as
> part of our key. Maybe if the printed sheet was not plain-text but
> included those photos that are available, it would be at least a
> slight improvement?

How exactly would that help anything? That is, under which attack model would it improve the security of the system?

Note that when you stand before a stranger at a KSP, it is _not_ in doubt that he controls the _key_ that he wants you to sign. (Or rather: if he does not control it, he would have nothing to gain from having you sign it). Submitting a (signed) photo in advance would prove nothing but his control of the key, and that is not an interesting property.

What _is_ in doubt is that his real-life identity is the same as the user id that he wants you to sign. And the fact that someone has a photograph of himself says nothing about what his name is. _Anybody_ can have a photograph of themselves, easily, no matter whether they are who they claim to be or not.

Thus the relevant attack model is: An attacker creates a key and types in somebody else's name as an uid. He goes to key-signing parties and tries to get other participants to sign the connection between his actual key fingerprint and the false name he has assumed.

How would it help prevent such an attack that the attacker could supply a photo of his own to the KSP organizers and have all of the participants check that he looks like he does? On the contrary, it would inspire confusion because some participants would _think_ that the fact that the fraudster looks exactly like the photo he himself supplied could somehow mitigate the mismatch with the photo on the official ID document he presents.

--
Henning Makholm
"Ambiguous cases are defined as those for which the compiler being used finds a legitimate interpretation which is different from that which the user had in mind."