On Wed, Jul 1, 2009 at 1:07 PM, Frank Murphy<frankly3d@xxxxxxxxx> wrote: > On 01/07/09 19:03, Larry Cafiero wrote: >> >> On Wed, Jul 1, 2009 at 10:43 AM, inode0 <inode0@xxxxxxxxx >> <mailto:inode0@xxxxxxxxx>> wrote: >> >> >> You cannot validate an imported key without having access to the full >> fingerprint. You should always validate the key's fingerprint with the >> key's owner before signing it. You can call the person or use some >> other means, it is convenient for people if it is just on the card. >> >> >> So let me make sure I'm following this (while exposing what a noob I am >> in this regard): I would validate an imported key from you by checking >> what's on my screen against the full fingerprint on your business card. >> Is that the rationale and benefit of having the full fingerprint on the >> card? >> > > You should only validate, if also you have seen picture ID. Well, if you don't believe in the web of trust. :) John -- Fedora-marketing-list mailing list Fedora-marketing-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-marketing-list
