I don’t agree. Why isn’t the photo ID feature not useful? Surely any piece of information that would help another person, with whom you are proposing to communicate, to identify you first, is a good thing. Before they can trust you enough to sign the key (which can’t be very often using the PGP model) they must be able to identify you, and a photo ID helps them to put a name to a face, or at least provides a reference point with which to do other checks, before signing the key, let alone encrypting - someone’s photo ID to do a google image search on it, bringing up other information that could be useful.
Maybe I’m wrong but the problem with GPG is that it has too few verification tools, like the photo ID. In my keychain I have 35 public keys for different individuals with whom I may want to communicate via GPG, but I’ve probably only signed a fraction of them, maybe 10, and only a handful of those are people I know personally. I always sign my messages, but if you are unable to trust someone enough to sign they key (or even their signature) then I’m not sure that PGP is very useful or fulfils its purpose. As for the photo ID feature itself surely there are technical fixes for that, including allowing people to upload slightly larger images than would bepossible with the recommended dimensions without increasing the key size. For reference, passport photographs are pretty small, as we are all aware, (I think 35 by 45 mm in the EU), and when we send email a scan of our passport page for some job application or whatever it is not likely to be a good. s.mur...@mykolab.com > On 31 Dec 2014, at 14:31, Robert J. Hansen <r...@sixdemonbag.org> wrote: > > >> I've been looking for documentation with info on adding a photo id to a gpg >> key. >> The instructions for adding are available but I can't find any advice for the >> size, format, dpi etc of the image to be used. > > The major problem is there is very little good advice about this, and what > there is keeps changing. For a long time the PGP Desktop product used > 120x144 as a picture size. Back when a high-resolution display was 800x600 > it made a lot of sense; now, when my laptop has a 2880x1800 display, a > 120x144 image is literally smaller than a postage stamp. > > GnuPG adopted the photo-ID feature a few years later and technology had > already progressed to the point where the GnuPG advice was 240x288. That > advice hasn’t changed in over ten years; it’s probably out of date by now. > > With respect to what format should be used, the de-facto standard seems to be > JPEG. > > I personally don’t find photo ID to be a useful feature. They’re too static. > The photo ID on my certificate, for instance, is almost ten years old. If > you need photo ID, a better route would appear to be something like > keybase.io, which offers some neat tools for binding a certificate to > photographs, social media accounts, and whatnot. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
