On 06/06/2012 07:15 PM, Sam Smith wrote: > My efforts to verify the fingerprint are the best way to do this, correct?
"Best" is a relative term. The gold standard for validation involves meeting someone who claims to be Werner Koch, asking him for his passport, checking that his passport identifies him as Werner Koch and that all the anti-forgery measures are in place on the document, and having him tell you directly what his certificate fingerprint is. Of course, this just establishes you have the certificate of *a* Werner Koch, and maybe not the one you want. Certificate validation is a surprisingly hard thing to do. Sorry. :( _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users