Proposed business card format changes

inode0 inode0 at gmail.com
Wed Jul 1 18:10:50 UTC 2009


On Wed, Jul 1, 2009 at 1:03 PM, Larry Cafiero<larry.cafiero at gmail.com> wrote:
> On Wed, Jul 1, 2009 at 10:43 AM, inode0 <inode0 at gmail.com> wrote:
>>
>> You cannot validate an imported key without having access to the full
>> fingerprint. You should always validate the key's fingerprint with the
>> key's owner before signing it. You can call the person or use some
>> other means, it is convenient for people if it is just on the card.
>
> So let me make sure I'm following this (while exposing what a noob I am in
> this regard): I would validate an imported key from you by checking what's
> on my screen against the full fingerprint on your business card. Is that the
> rationale and benefit of having the full fingerprint on the card?

The key you are importing is likely not from me but from some key
server on the internet. You might have received it directly from the
key's owner, but I think that is unusual.

yes, after confirming matching fingerprints you know it is my key. It
is just easier to do that if I give you my fingerprint.

John




More information about the Fedora-marketing-list mailing list