[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] : gpg fingerprint in mail's signature ? - Was: Re: RFS: gtkwhiteboard (now dfsg compatible)

On Sun, Jun 22, 2008 at 05:41:11PM +0200, Olivier Berger wrote:
> Is there any use in adding your fingerprint to the signature ? ... It
> seems misleading at least, if users think they can trust that... and
> without the public key, it's useless anyway.

It's assumed that your public key can be commonly found on public
keyservers or by fingering your address. Putting your key
fingerprint in your .sig is *obviously* not equivalent to
cryptographically signing a particular message, but it does help
others identify that they've looked up the correct key for you if
they want to encrypt a response to you. It's only potentially
misleading if someone doesn't understand PKI in the first place, but
then what's the point of avoiding misleading someone about something
they don't know how to use in the first place? I don't know if the
extra 40 characters make my .sig obscenely larger, but if they did I
might shorten it to a key ID instead.
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
Reply to: