Key ID format: short or long?

Faramir faramir.cl at gmail.com
Wed Oct 22 07:41:16 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Newman escribió:

> The 8 char key ID is enough for one to retrieve your public key from
> any keyserver, however, if that person would like to sign your key they

  That is what I thought, they would use the KeyID instead of the
fingerprint (but then somebody pointed the Key ID is the last part of
the fingerprint, a fact I had not noticed before). So I can either tell
them the last part of the fingerprint can be used to retrieve the key,
or give them my biglumber url... I chose to give my biglumber url, since
if I ever have to change my email address, I can just update my key, and
 they could retrieve the update key, with the new UID linked to the new
email address...

> need 2 things from you.  At least one picture ID and your key's
> fingerprint.  Chances are, if someone has your business card they have

  That is if we are talking about some kind of notary or assurer... But
if I give the card to a cousin, he would not require my picture ID...
And some other people would not really care if they know my real
identity, as long as they know my real email address... As an example, I
am in an alliance of players of some multiplayer game. While everybody
was invited by somebody they know in real life, some just knew the one
who invited them. So the first time I went to a barbecue with them,
everybody was talking to the other people referring to them by their
nicknames... However, it would be important to exchange our email
addresses, and it would be a good thing to use gpg... sometimes a player
send his "game sensitive information", like user and password... or even
worst, they post them into the alliance forum (and we know there have
been attempts to penetrate the forum...). Well, this was just a real
example about situations where real ID is not important...

> for including the fingerprint instead of just the keyID.  They are not
> going to use the fingerprint to retrieve the key, only to verify that the
> retrieved key is yours.

  Right, now I am convinced the whole fingerprint is better...


  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJI/rz8AAoJEMV4f6PvczxAAc4H+wZPt5Hqs/vpeC6keddFDihd
64gSIosy6cI84pyd0rB4qJKBSfcNzKpFVz6Ow7JVvRlNyHQ8SDeIrKjlVSXsFhEJ
YA9vuUPsZIDcIXEdDsbbVVm2RWDONXgtz4pdAOQReKPZN+9C5E4Tb2G5oyfNVLZW
gtlIWIQ0m0JAzg97ZceXPp3Z9laH3+EzRz7zTEWXsSj9TH1WdkFkYr8n2MQ418Xh
6i1o5DZC8liC7qFtWJjMZJzJ5maqfOTheBXFqslVbN5KYfjxO4qW9RIzafM2pCUe
E6MrF/R6Icp/ICALIxQ226px5q7ColB4tO4KfHeTXHzZE14KBLDNDFSb0JQZ2FY=
=0B0A
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list