key fingerprints - a practice question
David Shaw
dshaw@jabberwocky.com
Sun Jul 27 03:13:02 2003
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Jul 26, 2003 at 11:12:44PM +0100, Neil Williams wrote:
> > Or is it a better practice to simply sign messages?
>=20
> I'd say definitely, yes. Your signature identifies your public key and I =
can=20
> retrieve it from a keyserver automatically from that. I don't need your=
=20
> fingerprint to import your key or to validate your signature.
Except in one (fairly uncommon) case - if you are using a signing
subkey, then the keyid in the signature cannot (yet) be used to
retrieve the key from a keyserver. In that case, a fingerprint (or
keyid) is helpful.
David
--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iHEEARECADEFAj8jJ1kqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJsr8AoK4gVXWaLNMWYqDL9KV+SJvDJttQAJ0T
kl/z+xrf44y8NR6xtWJluAoJnw==
=grJ3
-----END PGP SIGNATURE-----
--9amGYk9869ThD9tj--