> I had thought the long key ID, plus my email address, should be > enough, since 8 characters hexadecimal numbers are unlikely to produce > a > collision, and even in case of a malicious attempt to replace my key, > if > 2 keys are found at the search, I would expect a contact to write and > say "which one is the good one?" (and... seriously, I don't think > anybody would try to impersonate me). But since everybody thinks the > "right thing" is to put the entire fingerprint, there is no reason to > don't do it. >
The 8 char key ID is enough for one to retrieve your public key from any keyserver, however, if that person would like to sign your key they need 2 things from you. At least one picture ID and your key's fingerprint. Chances are, if someone has your business card they have met you in person so they could easily have checked your ID. So including it on your business card makes it more convenient. That's the real reason for including the fingerprint instead of just the keyID. They are not going to use the fingerprint to retrieve the key, only to verify that the retrieved key is yours. -Dave _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
