On Tue, May 02, 2006 at 03:46:30PM -0600, Mitchell Brown wrote: > I don't understand - is it possible to sign a key with just a fingerprint? > Like, if I'm not on a keyserver then its not much good is it? >
Hi again, The purpose of the fingerprint is to confirm the validity of the key you have download/received via email/paper copy/morse code/carrier pidgeon. As I have physically met you, confirmed your identity and been handed a peice of paper with the fingerprint written on it I can be sure that it (the fingerprint) is real. When I get the key, I import it and get gpg to show me the fingerprint (this acts like a check sum). If it matches then I can feel sure that the key belongs to you, even though I did not get the key directly from you. So when I sign the key I am happy to vouch for your identity - by signing all I am saying is that 'I confirm that this is xxx's public key', nothing more than that (I might still think you are an untrustworthy person ;-). Like I said we can act this out at the LUG as a demostration. Simon. PS. If you're having difficulty getting a key onto the public servers you can use the web interface (wwwkeys.eu.pgp.net) or even the email interface ([EMAIL PROTECTED]). _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
