ietf-openpgp

Re: photo support?

2002-07-01 13:43:28


----- Original Message -----
From: "Simon Josefsson" <jas(_at_)extundo(_dot_)com>
To: <ietf-openpgp(_at_)imc(_dot_)org>
Sent: Monday, July 01, 2002 3:11 PM
Subject: photo support?

Is there a standardized way to embed photos in OpenPGP keys?  Anyone
interested in writing such a standard?

as it is now, it is definitely 'different' for PGP and GnuPG.

PGP compresses the .jpg into the photo id, and does not export it when
exporting the key.

GnuPG leaves the .jpg intact as added by the user, and exports it intact as
part of the .asc

if PGP downloads a public key with a photo id, that was generated by GnuPG,
it will export a photo as part of the .asc, but 'altered/compressed'.
the exported .asc of the public key will be different than the exported .asc
of the GnuPG key.

as a side-issue,
since the .jpg of a GnuPG generated photo-id is left intact,
it is possible to steganographically embed data within the key id photo
which can be retrieved intact from anywhere by downloading the key from an
ldap server.

it is possible to store a conventionally encrypted pgp file containing a
revocation certificate and passphrase for the key, and still have the .jpg
size at 4k,

but it is also possible to store the private key too, but with a .jpg
carrier size of 20 k.

this can lead to an overburdening of servers with 'bloated' keys, with
whatever someone may decide to want to 'store'.

it might be worthwhile to consider some maximal size for a recommended
standard, which can be implemented by the servers
refusing to accept a key greater than a certain size.

a reasonable size would be the size of existing typical keys with photo
id's, with a .jpg size of 4k.
{for illustration purposes, PRZ's photo size is 3.7k}

vedaal
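
The server-side size limit suggested in the message above, as an added example that is not part of the original post or of any keyserver's code: it walks a binary (de-armored) key, finds User Attribute packets (tag 17, the packet type RFC 4880 later defined for photo IDs) and rejects the key when an embedded image exceeds a cap. The 4 KiB default, the function names and the filler-byte sample key are assumptions made here.

```python
def _length(buf, i, subpacket=False):  # -> (length, index after the length)
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    if o >= 224 and not subpacket:
        raise ValueError("partial body lengths are not handled here")
    return ((o - 192) << 8) + buf[i + 1] + 192, i + 2

def packets(data):  # yield (tag, body) for each packet of a binary key
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:                        # new-format header
            tag = hdr & 0x3F
            n, i = _length(data, i + 1)
        else:                                 # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, None)[hdr & 3]
            if size is None:
                raise ValueError("indeterminate length is not handled here")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def photo_sizes(key):  # yield image byte counts from User Attribute packets
    for tag, body in packets(key):
        i = 0
        while tag == 17 and i < len(body):
            n, i = _length(body, i, subpacket=True)   # n includes the type octet
            if n == 0 or i + n > len(body):
                raise ValueError("bad subpacket length")
            if body[i] == 1:                          # image attribute subpacket
                hdr_len = int.from_bytes(body[i + 1:i + 3], "little")
                if hdr_len > n - 1:                   # header cannot exceed body
                    raise ValueError("bad image header length")
                yield n - 1 - hdr_len
            i += n

def accept_key(key, limit=4 * 1024):  # assumed cap, from the 4k figure above
    return all(size <= limit for size in photo_sizes(key))

def sample_key(image_len):  # constructed input: one User Attribute packet
    sub = b"\x01\x10\x00\x01\x01" + bytes(12 + image_len)
    sub = b"\xff" + len(sub).to_bytes(4, "big") + sub
    return b"\xd1\xff" + len(sub).to_bytes(4, "big") + sub
```

A key that fails to parse raises `ValueError`, which a server would treat as a rejection as well.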