One of the better uses for key fingerprints is for inclusion in signature files and other places that a key itself is too bulky. By widespread dissemination of the fingerprint, the chances of a bogus key being undetected are decreased, since there ar more channels for the fingerprint to get to recipients, and more channels for the owner of a key to see any bogus fingerprints out on the net. It's also easier to validate keys with someone you don't know very well, since you've got more chances to see what the key for Joe X. is before meeting a person who tells you he's Joe X. and he'd like to have you sign his key, fingerprint 123456ABCDFEFG. On the other hand, if people widely start checking fingerprints they see, there *is* some opportunity for the Bad Guys to create a distrust and disinformation campaign by spreading false fingerprints and false keys. (Now that Tommy the Tourist's NSA-bait is getting more sophisticated, I'm almost surprised it's not including random PGP keys or fingerprints, whether real ones or bogus ones to prod people into checking signatures...) Bill