On Sun, Jun 22, 2008 at 05:41:11PM +0200, Olivier Berger wrote:
> Is there any use in adding your fingerprint to the signature? ... It
> seems misleading at least, if users think they can trust that... and
> without the public key, it's useless anyway.

It's assumed that your public key can be commonly found on public keyservers or by fingering your address. Putting your key fingerprint in your .sig is *obviously* not equivalent to cryptographically signing a particular message, but it does help others identify that they've looked up the correct key for you if they want to encrypt a response to you.

It's only potentially misleading if someone doesn't understand PKI in the first place, but then what's the point of avoiding misleading someone about something they don't know how to use in the first place?

I don't know if the extra 40 characters make my .sig obscenely larger, but if they did I might shorten it to a key ID instead.

-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]);
MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); }
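
The lookup check described in the reply, as an added example that is not part of the original message: it compares a fetched key's fingerprint against the one advertised in the .sig, and shows how much less a key ID pins down. The function names, the look-alike fingerprint and the toy key packet are constructed for illustration; the fingerprint computation follows the OpenPGP version 4 definition (RFC 4880, section 12.2).

```python
import hashlib
import re
import struct

# Fingerprint advertised in the .sig of the message above.
SIG_FPR = "9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657"
# Constructed look-alike: shares the 32-bit key ID but is a different key.
LOOKALIKE = "0" * 32 + "1FB84657"
# Constructed toy v4 key packet body (version, creation time, algorithm,
# two tiny MPIs). Not a usable key, only input for the hash below.
TOY_BODY = bytes([4, 0, 0, 0, 1, 1]) + b"\x00\x08\xc5" + b"\x00\x11\x01\x00\x01"


def normalize(fpr):
    """Drop spaces/colons, uppercase, and require 160 bits of hex."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a 40-hex-digit fingerprint")
    return cleaned


def v4_fingerprint(body):
    """SHA-1 over 0x99, a 2-byte big-endian length, and the key packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public key packet")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def key_id(fpr, bits=64):
    """A key ID is the low-order 64 (or 32) bits of the fingerprint."""
    return normalize(fpr)[-bits // 4:]


def same_key(fetched, advertised=SIG_FPR):
    """Accept a looked-up key only if all 160 bits match the advertised value."""
    return normalize(fetched) == normalize(advertised)


if __name__ == "__main__":
    print("key from keyserver matches .sig:", same_key(SIG_FPR.lower()))
    print("look-alike matches .sig:        ", same_key(LOOKALIKE))
    print("look-alike shares 32-bit key ID:",
          key_id(LOOKALIKE, 32) == key_id(SIG_FPR, 32))
    print("toy packet fingerprint:         ", v4_fingerprint(TOY_BODY))
```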