key fingerprints - a practice question

Johan Parin Johan.Parin@abc.se
Sun Jul 27 13:56:01 2003


--=-=-=
Content-Transfer-Encoding: quoted-printable

David Shaw writes:

  David> Except in one (fairly uncommon) case - if you are using a
  David> signing subkey, then the keyid in the signature cannot (yet)
  David> be used to retrieve the key from a keyserver.  In that case,
  David> a fingerprint (or keyid) is helpful.

I can see that you have *both* keyid, fingerprint *and* an
X-Request-PGP URL in your message headers. Is this just to provide
redundant means of aquiring your key in case keyserver / web server is
down, or is there another thought behind this, like a URL can be
hijacked and the fingerprint can then be used to verify the downloaded
key? For retrieval purposes from keyservers, isn't the keyid
sufficient or are there servers which will let you search by
fingerprint but not by keyid?


=2D-=20
Johan Parin <Johan.Parin@abc.se>

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQA/I73/BXDEkJspWLARAoZYAJ9Uk8RJgOf7Pn+76yeb2HXXqSCjggCbBrYK
2IdCScTsEwyBA0dLm+8mPto=
=7jU9
-----END PGP SIGNATURE-----
--=-=-=--