Key Signing
David Turner
dct25@cam.ac.uk
Mon Apr 30 10:38:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apologies for the earlier blank email - a cock up on the signing front.
What I was trying to say was, suppose I am normally in contact with
someone only by email. We happen to meet, and although I have my key
fingerprint with me, he does not. Is there a secure way of him sending me
his fingerprint by email once he knows that my key is mine?
For example, if we were to organise a password at the meeting, then he
goes home and sends me an encrypted email containing the password and his
fingerprint, even if an interceptor spotted he had sent a mail entitled
"My Fingerprint" he wouldn't be able to spoof that mail because he
wouldn't know the password.
Or is it just a Bad Thing to accept fingerprints through any digital
medium?
- --
Dave Turner
dct25@cam.ac.uk
-----BEGIN PGP SIGNATURE-----
iD8DBQE67SQqeFNVJYkmfV8RAjLjAJ4yavkbngTvkoa6ubdHU9MnyaHwbACfR1IT
jFAG714fLaYoqiqgAut94nc=
=QbNg
-----END PGP SIGNATURE-----