I seem to recall reading somewhere that when exchanging keys in
person, you should not only have the person verify the key
fingerprint, but you should also present them with 1) an unpredictable
challenge document to sign or 2) verify that they can
The general practice I follow is to verify fingerprint and ID separately,
then, in order to verify control of email address and private key, send the
signed ID encrypted to the provided email address.
On Wed, Nov 13, 2013 at 11:49 AM, Phil Calvin p...@philcalvin.com wrote:
On Friday 15 November 2013 11:39:30 Phil Calvin wrote:
On Nov 15, 2013, at 11:02, Thomas Harning Jr. harni...@gmail.com wrote:
The general practice I follow is to verify fingerprint and ID separately
then, in order to verify control of email address and private key, send
the signed ID