> On 14 Jul 2021, at 19:49, Стефан Васильев <stefan.vasi...@posteo.ru> wrote: > > Andrew Gallagher wrote: >>>> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users >>>> <gnupg-users@gnupg.org> wrote: >>> Viktor wrote: >>>> It's the same as putting any other public information in public key >>>> certificate. You can put first and last name, email address and even >>>> photo of another person. >>> But this information can be digitally verified and is issued EU wide by >>> Governemnt trusted sources in this field. >> But this puts logical causality the wrong way around. Just because the >> thing *being signed* is genuine, does not prove that the thing *doing >> the signing* is genuine. >> IMO this proposal is abuse of the public key infrastructure. If you >> want to sign an ID document, just sign an ID document and distribute >> it through other channels. Attaching it as a signed packet to a key >> adds zero value, at nonzero cost. > > What abuse do you see here, if I may ask? I see it as an non-public option > among virtual GnuPG friends to include in a duplicate certified data, which > is not meant to been distributed on keyservers etc. or made public to > the world and acts for two pub keys comparison.
As currently configured, there is nothing to stop this sort of information being uploaded to a keyserver. So while keyserver operators cannot yet forbid it, we should certainly not encourage it. And in any case, we should always ask what value is being added by a particular proposal, weighed against what (potential) costs are being incurred. Remembering that costs are not always borne by those enjoying the benefits. A _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
