A colleague of mine asked me to send him a signed e-mail of fingerprints of some keys that I'd personally verified earlier in the day. I'd also signed the keys, and published the signatures to a public key server.
I argued that my signature on the publicly available keys was as good as the signed e-mail of the fingerprints. He seemed to think that the public key server introduced the possibility of meddling with the keys (although I pointed out that if this was the case, my signatures wouldn't verify). Is a signed e-mail containing a fingerprint equivalent to signing a key? James _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
