-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Thursday 28 July 2011 at 4:22:52 PM, in <mid:4e317ecc.1060...@freenet.edmonton.ab.ca>, Jay Litwyn wrote: > Do not sign my photo until you see me in person, OK, fair enough. If the key has WoT signatures from people I trust to have such a policy. But in the case of the OP's key with only self-signatures, the inclusion of a photo would do nothing to reassure me. > although it would be tricky to fake photo-id production > on skype. Photo-id doesn't make very good single > frames, but change the angle on television and those > chrome things flicker and move... OK, use a TV projector and point your webcam at the screen. >> A phone number would only help if the person ringing >> it knew you well enough to recognise your voice on the >> phone. Even then, somebody could record your voice >> and use it create an answerphone message... > That is what a signed mp3 in my comment is about, Signed with the key, and somebody who knows you could recognise your voice if they play the file. Arguably, "Mallory" could make recordings of your voice and use them to create such a file and sign it with their fake key. > and > just in case you do not follow links in message source > [comments] very often... Like almost never. (-; > http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp > (I will never call it a thumbprint or a fingerprint; key hash) Why not? Using the standard term of "Fingerprint" rather than "Keyprint_Biometric" might lead more people to understand what the file was likely to be. > Additionally, you can do a reverse lookup on my phone > number I could possibly pay somebody with law enforcement connections to do that. > and at least see if I am lying about my given > and family names, according to a corporation that my > library used to verify my identity. Assuming the phone is billed to you personally, and that you gave your real name when setting up the service. I once had a library check on my phone number, by getting out the phone book and finding my surname and address and comparing the number listed to the one I gave them. (That was when I was in my teens and lived with my parents, so the initial would not have matched my first name.) > My bottom line is that photos and phone numbers do not > hurt. Depends on the user's privacy requirements and threat model. - -- Best regards MFPA mailto:expires2...@ymail.com He's an environmentalist - his arguments are 100% recycled -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJOM0o/nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pu50D/j7h o87GES62xpCEYIwqyIMQiiANBXTJg3CLJgwGE6isOxy4mTXMgKqU3l1iESjbe+nk ChsCse1Rs2QaNHOR2lJLzNotfhNRA88Cc5xgM8CK5eh8xSCwLv4012vRctjIHRGm 96EW2xxy/s09rcN+17nzNHbqshbDt05BZEvX5r8S =4Ad6 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
