Michael Leone on Wed, 17 Apr 2002 20:10:25 -0400



Re: [PLUG] key-signing Thursday?


On Wed, 2002-04-17 at 19:40, gabriel rosenkoetter wrote:
> On Wed, Apr 17, 2002 at 06:39:31PM -0400, Michael Leone wrote:
> > All participants have to have copies of everyone involved's fingerprint;
> > it's just easier to funnel them to a central person, who then makes
> > enough printouts for all participants to look at.
> 
> Um, but if I blindly trust that the printout that Darxus gives me
> matches what I'd get out of gpg --fingerprint for that key ID and
> sign the key, I've misplaced my trust.

Why? Isn't that a sign that you trust Darxus? And you do, don't you,
since you've signed his key?

> Even if you do use Darxus's handy printout, you MUST verify that the
> fingerprint on that sheet of paper (that you verified against what
> the person whose key it is read aloud *from* *their* *own*
> *files*... that is NOT from Darxus's printout) matches with the
> output of gpg --fingerprint for that key ID on your machine BEFORE
> you do gpg --sign-key.

Granted.

> 
> > If you have 10 participants, and everyone brings enough copies
> > of their fingerprint for everyone else, everybody ends up with 10
> > pages per person. As opposed to 1 or 2, if done centrally.
> 
> But bringing copies of your fingerprint for everyone and reading
> your fingerprint aloud are redundant! It's still necessary to match
> the fingerprints against what you have locally when you get home.

I'm only going by previous experience.

> > Also, not everyone comes with printouts of their fingerprint; I leave
> > mine in my Palm. Saves on paper, etc.
> 
> I think I have the first two blocks of mine memorized at this point.
> ;^>

I have the last 2 memorized, since that's used as keyID. :-)

> In any case, I think you missed my point. I was saying that I could
> just as easily print the fingerprints for everyone in place of
> Darxus, if he's not going to be there (um, Darxus, could you maybe
> say something about this? Soon?), and that they would be no more or
> less trustworthy than Darxus's printouts.

Probably wouldn't be a bad idea, Gabe.

-- 

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP public key:
<http://www.mike-leone.com/~turgon/turgon-public-key.gpg>

Conform or be cast out.

Attachment: signature.asc
Description: This is a digitally signed message part
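
The check discussed in this message (match the fingerprint on the sheet against what gpg reports locally before running gpg --sign-key), as an added example that is not part of the original message or thread. The function names and the sample key data are constructed for illustration; it assumes 40-hex-digit fingerprints and reads the machine-readable output of `gpg --with-colons --fingerprint` rather than the human-readable form.

```shell
#!/bin/sh
# Usage (assumed workflow): gpg --with-colons --fingerprint KEYID | check_sheet "<fingerprint from sheet>"

# Normalize a fingerprint as typed from paper: drop whitespace, uppercase hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Print only primary-key fingerprints from colon-format output on stdin.
# An "fpr" record carries the fingerprint in field 10; subkey fpr records
# (those following a "sub" record) are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0; next }
             $1 == "fpr" && p { print $10; p = 0 }'
}

# Return 0 on an exact full-fingerprint match, 1 on mismatch,
# 2 if the sheet value is not a full 40-hex-digit fingerprint
# (for example a bare key ID, which is too short to verify against).
check_sheet() {
    want=$(normalize_fpr "$1")
    case "$want" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    primary_fprs | grep -qx "$want"
}

# Constructed sample of colon-format output (not a real key).
sample_colons() {
    cat <<'EOF'
pub:-:1024:17:89ABCDEF01234567:1018000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1018000000::::Constructed User <user@example.org>:
sub:-:1024:16:FEDCBA9876543210:1018000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}
```

Run gpg --sign-key only after `check_sheet` returns 0 for the value you checked off at the meeting.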