On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen <r...@sixdemonbag.org
> wrote:
I understood him to mean the "key ID" as the fingerprint of the
certificate's primary signing key, rather than checking each bit of
the
certificate's primary signing key individually.
I meant the fingerprint, yes.
But now that you say it. Would it be "better" to not just check other
keys via their fingerprint, but to really copy them (e.g. per
USB-stick) from their owners and sign only such direct copies?
I suspect you are more in danger of being hit by meteors several times
in a row as you walk to your friend's house with the USB stick, than
you are in danger from SHA-1.
:)
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
