On Wed, Jul 1, 2009 at 1:03 PM, Larry Cafiero<larry.cafiero@xxxxxxxxx> wrote: > On Wed, Jul 1, 2009 at 10:43 AM, inode0 <inode0@xxxxxxxxx> wrote: >> >> You cannot validate an imported key without having access to the full >> fingerprint. You should always validate the key's fingerprint with the >> key's owner before signing it. You can call the person or use some >> other means, it is convenient for people if it is just on the card. > > So let me make sure I'm following this (while exposing what a noob I am in > this regard): I would validate an imported key from you by checking what's > on my screen against the full fingerprint on your business card. Is that the > rationale and benefit of having the full fingerprint on the card? The key you are importing is likely not from me but from some key server on the internet. You might have received it directly from the key's owner, but I think that is unusual. yes, after confirming matching fingerprints you know it is my key. It is just easier to do that if I give you my fingerprint. John -- Fedora-marketing-list mailing list Fedora-marketing-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-marketing-list
