key-signing for pseudonyms

Neil Williams linux at codehelp.co.uk
Sat May 15 14:41:47 CEST 2004


On Saturday 15 May 2004 7:05, Atom 'Smasher' wrote:
> what happens, though, when one uses a pseudonym, alias, or "hacker name"
> as the name in their pgp key? if one is at a key-signing party, or just a
> room full of pgp users, how does one "prove" that identity?

If you don't correspond with that person in an environment where that alias or 
nickname is regularly used, don't sign that UID. There is no other reliable 
method of verification. When you verify the key face-to-face, you can always 
ask about the nickname, where it's used and verify it later before actually 
signing the key.

> how much of the verification relies on control of an email address and
> key, vs how much depends on verifying the name of the person? would a
> photo in the key add credibility?

No, IIRC, we've had this discussion about photo ID's before - IMHO, photo 
UID's are of use when you are hoping to meet someone for the first time 
because they help you find each other at the pub/event. However, the photo ID 
would need to be verified face-to-face when most people would want to see 
separate photo ID like a passport anyway. It would be helpful to sign the 
photo UID when you have verified a passport face-to-face, I suppose (for 
others to know that it has been checked), but I can't see much more use than 
that. I certainly don't think that a photo UID has any effect on the 
credibility of the rest of the key simply as a photo.


-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040515/b9445cf1/attachment.bin


More information about the Gnupg-users mailing list