> How percentage of PGP (or GPG?) users, do you think, know that checking > fingerprint only is not an assurance against fake signatures? Did you know? Given that this only affects PGP 2.6 certificates, and GnuPG users overwhelmingly use modern v4 certificates, this is not a major problem for GnuPG users.