In this paper, we argue that person-to-person key distribution is best accomplished with a key-centric approach, instead of PKI: users should distribute public key fingerprints in the same way they distribute phone numbers, postal addresses, and the like. To make this work, fingerprints need to be small, so users can handle them easily; multipurpose, so only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have to be frequently redistributed. We show how these qualities can be achieved with simple and well-understood techniques. The chief technique is for each user to store a root key in a highly secure environment and use it to certify subkeys for use in more convenient environments. Certificate formats like X.509, PGP, and SPKI could be used for this, but we argue that a format designed expressly for this could do a better job; thus we design the cryptoID certificate format. Categories and Subject Descriptors D.4.6 [Operating Systems]: Securit...