Photo ID is not needed for key signings....
Ryan Anderson
randerso at ece.eng.wayne.edu
Fri Jun 13 12:04:27 PDT 1997
On Fri, 13 Jun 1997, Bill Frantz wrote:
> >pub 2048/FFFFFFFF 01/01/90 John Doe john.doe at anonymous.com
> >sig John Doe (0xFFFFFFFF)
> >sig Mary Jane (0xAAAAAAAA)
> >sig Tom Thumb (0x11111111)
> >sig Tiny Tim (0xCCCCCCCC)
> >aka John Doe john.doe at who-is-it.com
> >sig John Doe (0xFFFFFFFF)
> >
> >Since John Doe is the only one who could sign the key with the new aka one
> >can assume that the aka is as valid as the original userid.
>
> So if John Doe wants to be known as "president at whitehouse.gov" or "Tim May
> <tcmay at got.net>" all he has to do is change the field, and upload the
> changed key to the key servers, and all the signatures should remain good?
Well, no, not really. See, the way PGP handles keys (at least the RSA
keys) makes it very difficult to remove an id once it's hit a keyserver.
Oh yeah, a signature also encompasses the key-id that you sign when you
sign the key. So the signatures would fail if the key-id they referred to
was drastically changed...
-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing"
Wayne State University - CULMA "May you live in interesting times.."
randerso at ece.eng.wayne.edu Ohio = VYI of the USA
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------
More information about the cypherpunks-legacy
mailing list