
Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild



Gunnar Wolf said [Wed, Aug 10, 2016 at 02:08:12PM -0500]:
> That's the reason why a key by itself means little, but we do place
> value on the web of trust around it.
> (...blah...)

Anyway, I managed to twist my mail with many facts and make it into a
long mess :) That was my main point. Nobody should trust my key to be
"just" even AB41C1C68AFD668CA045EBF8673A03E4C1DB921F — It's not yet
feasible to willingly create a collision, but by mere chance, somebody
might just find it on their next key generation. My identity should be
trusted based on this long number plus the web of trust around
it.

It is highly unlikely somebody will find a collision with my
fingerprint by itself, but it's mind-bogglingly stupidly utterly
bloody unlikely some will find two, three other (even 64-bit)
collisions to sign my fake with. And I have over a hundred ;-)
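
An added example, not part of the message above: a keyring check that shows why the thread asks for the long key ID format and why the full fingerprint is the thing to compare. It assumes v4 keys, whose key ID is the low-order 32 or 64 bits of the 160-bit fingerprint; the keyring entries other than the fingerprint quoted in the message are constructed, and the function names are hypothetical.

```python
import math
from collections import defaultdict

# Fingerprint quoted in the message above.
PAGE_FPR = "AB41C1C68AFD668CA045EBF8673A03E4C1DB921F"

# Constructed sample keyring (not real keys): the second entry shares only
# the last 32 bits with PAGE_FPR, the third shares nothing with it.
SAMPLE_KEYRING = [
    PAGE_FPR,
    "0123456789ABCDEF0123456789ABCDEF" + "C1DB921F",
    "FEDCBA9876543210FEDCBA9876543210" + "89ABCDEF",
]

def normalize(fpr):
    """Strip spaces, uppercase, and insist on a 160-bit (v4) fingerprint."""
    fpr = fpr.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("not a 40-hex-digit v4 fingerprint: %r" % fpr)
    return fpr

def key_id(fpr, bits):
    """Key ID = low-order `bits` bits of the v4 fingerprint (32 or 64)."""
    if bits not in (32, 64):
        raise ValueError("key IDs are 32 or 64 bits")
    return normalize(fpr)[-(bits // 4):]

def find_collisions(fingerprints, bits):
    """Map each key ID shared by two or more distinct fingerprints to them."""
    by_id = defaultdict(set)
    for fpr in fingerprints:
        by_id[key_id(fpr, bits)].add(normalize(fpr))
    return {kid: sorted(fprs) for kid, fprs in by_id.items() if len(fprs) > 1}

def chance_collision_probability(n_keys, bits):
    """Birthday-bound estimate that n random keys contain any ID collision."""
    return -math.expm1(-n_keys * (n_keys - 1) / 2.0 ** (bits + 1))

if __name__ == "__main__":
    for bits in (32, 64):
        print(bits, "bit ID collisions:", find_collisions(SAMPLE_KEYRING, bits))
    for bits in (32, 64, 160):
        p = chance_collision_probability(100_000, bits)
        print("chance collision among 100000 keys, %d bits: %.3g" % (bits, p))
```

The two entries that collide on the short ID are told apart by the long ID here, and the full fingerprint separates any pair that a 64-bit ID would not.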
