Key signing without a fingerprint?

Anthony E. Greene agreene@pobox.com
Wed Jan 30 16:25:02 2002


On Wed, 30 Jan 2002, Huels, Ralf SCORE wrote:
>yesterday I met with a guy who had forgotten to bring his key fingerprint
>and we considered the following protocol:
>
>- I gave him my fingerprint and we exchanged photo ID
>- We agreed an a shared secret - a pass phrase
>- He will send his fingerprint and the shared secret in one message,
>  encrypted to my key.
>
[snip]
>
>Would you consider this sufficient security for signing a key?

Yes.


Tony
-- 
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
Linux: the choice of a GNU Generation. <http://www.linux.org/>