On Fri, Sep 14, 2001 at 09:02:53PM -0500, Warren Turkal wrote: > Is it ok to have your GPG fingerprint publicly available? > It is not only OK, but encouraged. If one can confirm that your fingerprint is valid (i.e. by calling you and saying "is <foo> really your fingerprint?"), then it's a safe bet that they have the right key, instead of a spoofed key. The GPG key fingerprint can be obtained from any public key by running 'gpg --fingerprint <key_id>', so you could run 'gpg --fingerprint frodo@morgul.net' and see the fingerprint for my key (assuming it's in your keyring). Then, get in touch with me by some secure means and confirm that it's D896 D80A C030 7F05 701E D535 62B5 4B8C 1140 4EC3 and you know that you have the right key. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpt9mhGGrI92.pgp
Description: PGP signature