[Enigmail] How to use fingerprints?

Robert J. Hansen rjh at sixdemonbag.org
Thu Sep 4 12:17:54 PDT 2008


Derek VerLee wrote:
> This might be a naive question...

This question might be many things, but naïve ain't one of 'em.  It's an
excellent question.

> isn't the point of a fingerprint to provide a convenient way to verify
> you are seeing the correct key, when you are communicating over a
> channel where you have some other way of authenticating that person's
> identity?

Strike the word 'convenient' and you have it exactly right.

> What additional information is given by the fingerprint at the end of
> the email?

For a while I used to include my fingerprint in my sigblock.  It wasn't
for any cryptographic purpose -- it was solely as a way of
evangelization.  When people asked me what that weird string was at the
bottom of my sigblock, I took the opportunity to talk to them about
email privacy and security.

However, you're right: it serves essentially no cryptographic purpose.
If you're concerned about collisions in the short key ID (look at how
many keys 0xDEADBEEF there are on the servers), then you can look it up
by the full fingerprint -- but really, that's about the only
cryptographic purpose I can see.
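
The short-ID collision point above, as an added example that is not part of the original post: a lookup that treats key IDs as suffixes of the fingerprint and refuses to guess when a selector is ambiguous. The keyring contents and the function names are constructed for illustration.

```python
import hmac
import re

# Constructed sample keyring (fingerprint -> user ID). These are made-up
# 160-bit values, not real keys; two share the short key ID DEADBEEF.
KEYRING = {
    "0123456789ABCDEF0123456789ABCDEFDEADBEEF": "Alice <alice@example.org>",
    "FEDCBA9876543210FEDCBA9811112222DEADBEEF": "Not Alice <alice@example.org>",
    "1111222233334444555566667777888899990000": "Bob <bob@example.org>",
}


class AmbiguousKey(Exception):
    """The selector matches more than one key in the keyring."""


def normalize(selector):
    """Strip spaces, colons and a leading 0x; return upper-case hex."""
    s = re.sub(r"[\s:]", "", selector).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]+", s) or len(s) not in (8, 16, 40):
        raise ValueError("expected 8, 16 or 40 hex digits")
    return s


def lookup(selector, keyring=KEYRING):
    """Return the fingerprint the selector names, refusing to guess.

    A v4 key ID is the low-order 64 bits of the fingerprint and the short
    ID the low-order 32, so both are matched as suffixes of the fingerprint.
    """
    s = normalize(selector)
    hits = [fpr for fpr in keyring if fpr.endswith(s)]
    if len(hits) > 1:
        raise AmbiguousKey(f"{len(hits)} keys match 0x{s}")
    if not hits:
        raise KeyError(s)
    return hits[0]


def fingerprint_matches(key_fpr, trusted_fpr):
    """Compare a key's fingerprint with one obtained over a trusted channel."""
    a, b = normalize(key_fpr), normalize(trusted_fpr)
    # Only a full 40-digit fingerprint is accepted as the trusted value.
    return len(b) == 40 and hmac.compare_digest(a, b)
```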


