On Sunday 22 June 2008, The Fungi wrote:
> On Sun, Jun 22, 2008 at 05:41:11PM +0200, Olivier Berger wrote:
> > Is there any use in adding your fingerprint to the signature ? ... It
> > seems misleading at least, if users think they can trust that... and
> > without the public key, it's useless anyway.
>
> It's assumed that your public key can be commonly found on public
> keyservers or by fingering your address. Putting your key
> fingerprint in your .sig is *obviously* not equivalent to
> cryptographically signing a particular message, but it does help
> others identify that they've looked up the correct key for you if
> they want to encrypt a response to you. It's only potentially
> misleading if someone doesn't understand PKI in the first place, but
> then what's the point of avoiding misleading someone about something
> they don't know how to use in the first place?

;-) Well yes, people who are unable to make the difference between a cryptographically signed message and such that merely contains a key fingerprint at the end could not be a factor with regard to the originator identification and verification process, since they don't know what to verify anyway and since it is a well known fact that everybody can write a message with any free-form text appended at the end ;-)

> I don't know if the
> extra 40 characters make my .sig obscenely larger, but if they did I
> might shorten it to a key ID instead.

In order to shorten my appendix with one line I decided on key ID only instead, which is enough for public key diggers.

--
pub key ID 0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
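Added example, not part of the original thread: a Python sketch of the check discussed above, comparing a key fetched from a keyserver against the 40-character fingerprint or the shorter key ID advertised in a .sig, and reporting how much of the fingerprint was actually compared. The function names and the sample key bytes are constructed for illustration; the fingerprint rule is the OpenPGP version 4 one (RFC 4880, section 12.2).

```python
import hashlib
import hmac
import struct

def _mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (2-byte bit count, then bytes)."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample: a v4 public-key packet body with a toy RSA modulus.
# Layout: version, creation time, algorithm (1 = RSA), MPI n, MPI e.
SAMPLE_KEY_BODY = (bytes([4]) + struct.pack(">I", 1200000000) + bytes([1])
                   + _mpi(0xC5A3917F0D2B4E6189ABCDEF01234567) + _mpi(65537))

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def key_ids(fingerprint: str) -> tuple[str, str]:
    """Long (64-bit) and short (32-bit) key IDs are the fingerprint's tail."""
    return fingerprint[-16:], fingerprint[-8:]

def normalize(advertised: str) -> str:
    """Clean up a fingerprint or key ID as pasted from a .sig."""
    text = advertised.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    cleaned = "".join(ch for ch in text if ch not in " :\t").upper()
    if not cleaned or any(ch not in "0123456789ABCDEF" for ch in cleaned):
        raise ValueError("advertised value is not hexadecimal")
    return cleaned

def check_advertised(body: bytes, advertised: str) -> str:
    """Return 'fingerprint', 'long-id', 'short-id' or 'mismatch'."""
    fingerprint = v4_fingerprint(body)
    wanted = normalize(advertised)
    # 40 hex digits = all 160 bits; 16 = low 64 bits; 8 = low 32 bits only.
    strength = {40: "fingerprint", 16: "long-id", 8: "short-id"}.get(len(wanted))
    if strength is None:
        raise ValueError("expected 40, 16 or 8 hex digits")
    same = hmac.compare_digest(fingerprint[-len(wanted):], wanted)
    return strength if same else "mismatch"
```
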