1998-07-23 - pgp fingerprint

Header Data

From: Gustavo Henrique <gustavoh@sysadmin.com.br>
To: cypherpunks@toad.com
Message Hash: 23fb670a9a72450352d1a2a5e01c496919b8a483accb235c6fe98a07ea34d098
Message ID: <3.0.5.32.19980722235815.00b8e780@208.30.28.18>
Reply To: N/A
UTC Datetime: 1998-07-23 02:59:17 UTC
Raw Date: Wed, 22 Jul 1998 19:59:17 -0700 (PDT)

Raw message

From: Gustavo Henrique <gustavoh@sysadmin.com.br>
Date: Wed, 22 Jul 1998 19:59:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: pgp fingerprint
Message-ID: <3.0.5.32.19980722235815.00b8e780@208.30.28.18>
MIME-Version: 1.0
Content-Type: text/plain


I've just started studying pgp and crypo and I have a doubt that
maybe you can answer.

Correct me if I'm wrong:
the fingerprint was invented so you can check with the owner of the
public key if his key is correct. Since the fingerprint is something
small, you can check it over the phone or some other way.

The question is: why people put their fingerprints on a mail signature ?
Some one could have changed his public key and changed his message, so
that fingerprint will match a wrong public key.
Isn't it the same nonsense as putting the public key in an email message
(without
signing nor encrypting it) ?


Thanks for the attention,

	Gustavo Henrique

=============================================================
Gustavo Henrique Maultasch de Oliveira        Sysadmin.com.br
            
gustavoh@sysadmin.com.br           http://www.sysadmin.com.br
=============================================================





Thread