1996-08-03 - Re: Why Fingerprints and Key-ID’s

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: Paul Wittry <ppw3@everett.com>
Message Hash: 4809604615887ac9123d58f2b92dcab053cbdcebed6533b906dc27f54838814a
Message ID: <199608030959.CAA23261@toad.com>
Reply To: N/A
UTC Datetime: 1996-08-03 11:35:35 UTC
Raw Date: Sat, 3 Aug 1996 19:35:35 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 19:35:35 +0800
To: Paul Wittry <ppw3@everett.com>
Subject: Re: Why Fingerprints and Key-ID's
Message-ID: <199608030959.CAA23261@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 PM 8/2/96 -0700, Paul Wittry <ppw3@everett.com> wrote:
>I understand PGP Open-Signed messages and why they are used. I've 
>read all the FAQ's. I can't seem to figure out why some of us put our 
>Fingerprints and/or Key-ID's at the end of messages.

Even with the PGP Web Of Trust, one of the difficult problems
in cryptography is how to do key distribution - if you want to
talk to Bob, how do you know you've really got _Bob's_ key
instead of a key some imposter Eve _said_ was Bob's key?
Similarly, if you receive a message saying "Bank X will pay
you $Y, signed Bank X Small-Transactions-Teller", 
how do you know it really came from them and wasn't signed
by some fake key that Carol genned up?  
One way is to get some well-known person to sign your key,
or a chain of people which get you to a sig for the key you want.

Another way is to give out your key, often.  That way someone
who gets email from "you", signed by "your" key, can compare
the key with previous keys you've stuck on your email and
business cards, and scream if there's a mismatch.
For this, remember to use the full key fingerprint, not just
the short KeyID which can be duplicated arbitrarily.
This is especially useful for pseudonymous people like
Black Unicorn.

Another reason is just to remind people you've got a PGP key
and make it easier to look up 0x12345678 correctly than
"Joe Anonymous" or "smith".
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!






Thread