Question about key fingerprint uses

Anthony Papillion anthony at papillion.me
Fri Apr 27 21:20:02 CEST 2012


> -------- Original Message --------
> Subject: Re: Question about key fingerprint uses
> From: Peter Lebbing <peter at digitalbrains.com>
> Date: Fri, April 27, 2012 5:40 am
> To: Anthony Papillion <anthony at papillion.me>
> 
> You're turning it around :). Rather than verify you are speaking to John using
> his fingerprint, you are verifying the fingerprint by speaking to John.
> 
> You should already be sure the person on the line is John Smith. John Smith then
> tells you his fingerprint such that you can be sure the key you're looking at
> actually belongs to John Smith, and hasn't been exchanged by a man in the middle.


Aha! That makes it crystal clear! Indeed, I had turned it around. So
then that's why key signing parties rely on verifiable ID. The user
verifies his ID so you can be sure the fingerprint he's providing is his
actual fingerprint. Makes perfect sense now.

Anthony




More information about the Gnupg-users mailing list