Photo-ID: questions
Ruediger Kupper
ruediger.kupper at honda-ri.de
Thu Feb 19 14:18:07 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello.
Is there some consensus on the why and how of Photo IDs?
I have one included in my key for some time now, and the image is so
outdated that I think about replacing it with a new one. So I try to
solve the following questions, and would appreciate your comments:
1. What should be the size of the picture, both, in terms of pixels,
as well as file size. GnuPG itself recommends to keep the size in
pixels close to 240x288. A 200x260 pixel JPEG portrait of myself has
a size of 16K when uncompressed, and 8K with a resonable
compression. In discussions I have read that the files size should
best not exceed 4K. Compressing my 200x260 picture to a size of 4K
or less introduces considerable compression artefacts. Should I go
with the artefacts, or should I generally use a smaller picture (in
pixels), e.g. 100x130. What arguments are there for the former or
the latter?
2. In general, should one use photo IDs at all? Do they increase
security or ease the process of key validation? Couldn't they fool
other persons into signing the key just because they recognize my
picture on it? (Anyone could download my picture from my website, so
it is no prrof at all that the key really belongs to me).
3. In addition to my portrait, I have included the jpeg of my
handwritten signature into my key (e.g. to provide a means to
validate my signature on paper documents, provided you have a
trusted copy of my GPG key). Is this a reasonable thing to do or is
it complete nonsense? Do I miss any security issue here, or does
this contradict the intended use of photo IDs? Again, anybody could
have scanned my signature from any paper document that I have
signed, so this, too, does serve as an authentication feature).
Thank you in advance for comments,
regards,
Rüdiger
- --
Rüdiger Kupper
Honda Research Institute Europe GmbH
Carl-Legien-Straße 30
D-63073 Offenbach/Main, Germany
Phone : +049 (0)69-890 11-725
Fax : +049 (0)69-890 11-749
E-Mail: Ruediger.Kupper at Honda-RI.de
PGP ID: C2303358
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3 (GNU/Linux)
Comment: My key is available at
https://neuro.physik.uni-marburg.de/~kupper
iD8DBQFANLeLArljR8IwM1gRAva4AJ0YkDLK7CM4YMHz87bA08U3tPVG9gCgsZpd
OtkFvydQanYs0BmQ6rW/shE=
=gcVa
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list