Using the OTR plugin with Pidgin for verifying GPG public key fingerprints
Robert J. Hansen
rjh at sixdemonbag.org
Sat Mar 13 07:10:20 CET 2010
> You have an existing credential - a passport.
> You then use that credential to verify another - a PGP key.

The passport isn't used to verify the OpenPGP key. The passport is used to verify *identity*. The key fingerprint is used to verify the OpenPGP key.

A signature is a statement of "I believe this person is associated with this OpenPGP key." To do that, you have to first verify the person is who you think they are (the passport); you have to verify the key is what you think it is (the fingerprint); and then you make a statement about the two being associated.