> -------- Original Message --------
> Subject: Re: Question about key fingerprint uses
> From: Peter Lebbing <pe...@digitalbrains.com>
> Date: Fri, April 27, 2012 5:40 am
> To: Anthony Papillion <anth...@papillion.me>
> 
> You're turning it around :). Rather than verify you are speaking to John using
> his fingerprint, you are verifying the fingerprint by speaking to John.
> 
> You should already be sure the person on the line is John Smith. John Smith 
> then
> tells you his fingerprint such that you can be sure the key you're looking at
> actually belongs to John Smith, and hasn't been exchanged by a man in the 
> middle.


Aha! That makes it crystal clear! Indeed, I had turned it around. So
then that's why key signing parties rely on verifiable ID. The user
verifies his ID so you can be sure the fingerprint he's providing is his
actual fingerprint. Makes perfect sense now.

Anthony


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to