[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System



-----BEGIN PGP SIGNED MESSAGE-----

> In article <[email protected]>,
> Avi Rubin <[email protected]> wrote:
> >-----BEGIN PGP PUBLIC KEY BLOCK-----
> ...
> >-----END PGP PUBLIC KEY BLOCK-----
> >
> >Fingerprint:
> >
> >5F 34 26 5F 2A 48 6B 07  90 C9 98 C5 32 C3 44 0C

> I've seen this sort of thing several places...

> Am I totally off base in thinking that distributing the fingerprint in
>  the same way as the public key is close to totally pointless?

Distributing the key fingerprint allows J. Random Human to correlate a
key supplied via one method with that supplied via another. For
example, now that I have the fingerprint for the Betsi key, I can
verify whether any other alleged Betsi key I see is real or not.

It's a lot easier to read off & cross-check 32-character fingerprints
than the entire key block, especially as signatures are added and the
key block grows in size.

- -Paul

- -- 
Paul Robichaux, KD4JZG        |  Demand that your elected reps support the
[email protected]             |  Constitution, the whole Constitution, and
Not speaking for Intergraph.  |  nothing but the Constitution.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLmJSdKfb4pLe9tolAQEZkgP/W7P8Edw8sEI78V3HgtDjXDo/F09Gw7VF
4FH6pMIVT9w/jT30Adf6BxL+dhb1mcHuBhnhr7bIA31cerZpt+NiVwBbqAoSh+XW
vFfkId5k3qmUIAypFQFe5BSHKS+yF6Rf8ERXZAFv2+a/ZJrpLxnW6FgFiU+dFt86
KEK/5EFiOCw=
=qlgk
-----END PGP SIGNATURE-----