[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System
-----BEGIN PGP SIGNED MESSAGE-----
> In article <[email protected]>,
> Avi Rubin <[email protected]> wrote:
> >-----BEGIN PGP PUBLIC KEY BLOCK-----
> ...
> >-----END PGP PUBLIC KEY BLOCK-----
> >
> >Fingerprint:
> >
> >5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
> I've seen this sort of thing several places...
> Am I totally off base in thinking that distributing the fingerprint in
> the same way as the public key is close to totally pointless?
Distributing the key fingerprint allows J. Random Human to correlate a
key supplied via one method with that supplied via another. For
example, now that I have the fingerprint for the Betsi key, I can
verify whether any other alleged Betsi key I see is real or not.
It's a lot easier to read off & cross-check 32-character fingerprints
than the entire key block, especially as signatures are added and the
key block grows in size.
- -Paul
- --
Paul Robichaux, KD4JZG | Demand that your elected reps support the
[email protected] | Constitution, the whole Constitution, and
Not speaking for Intergraph. | nothing but the Constitution.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLmJSdKfb4pLe9tolAQEZkgP/W7P8Edw8sEI78V3HgtDjXDo/F09Gw7VF
4FH6pMIVT9w/jT30Adf6BxL+dhb1mcHuBhnhr7bIA31cerZpt+NiVwBbqAoSh+XW
vFfkId5k3qmUIAypFQFe5BSHKS+yF6Rf8ERXZAFv2+a/ZJrpLxnW6FgFiU+dFt86
KEK/5EFiOCw=
=qlgk
-----END PGP SIGNATURE-----