Andrew Gallagher wrote:
On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users
<gnupg-users@gnupg.org> wrote:
Viktor wrote:
It's the same as putting any other public information in public key
certificate. You can put first and last name, email address and even
photo of another person.
But this information can be digitally verified and is issued EU wide
by
Governemnt trusted sources in this field.
But this puts logical causality the wrong way around. Just because the
thing *being signed* is genuine, does not prove that the thing *doing
the signing* is genuine.
IMO this proposal is abuse of the public key infrastructure. If you
want to sign an ID document, just sign an ID document and distribute
it through other channels. Attaching it as a signed packet to a key
adds zero value, at nonzero cost.
What abuse do you see here, if I may ask? I see it as an non-public
option
among virtual GnuPG friends to include in a duplicate certified data,
which
is not meant to been distributed on keyservers etc. or made public to
the world and acts for two pub keys comparison.
Regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
