On Wed, Jul 1, 2009 at 1:07 PM, Frank Murphy<frankly3d(a)gmail.com> wrote:
On 01/07/09 19:03, Larry Cafiero wrote:
>
> On Wed, Jul 1, 2009 at 10:43 AM, inode0 <inode0(a)gmail.com
> <mailto:inode0@gmail.com>> wrote:
>
>
> You cannot validate an imported key without having access to the full
> fingerprint. You should always validate the key's fingerprint with the
> key's owner before signing it. You can call the person or use some
> other means, it is convenient for people if it is just on the card.
>
>
> So let me make sure I'm following this (while exposing what a noob I am
> in this regard): I would validate an imported key from you by checking
> what's on my screen against the full fingerprint on your business card.
> Is that the rationale and benefit of having the full fingerprint on the
> card?
>
You should only validate, if also you have seen picture ID.
Well, if you don't believe in the web of trust. :)
John