this is not quite the cipherpunk's creed...because there is no such jingoist thing. but still:
"this is my pgp key. there are many like it, but this one is mine. my key is my best friend. without me, my key is useless."
...except that there are assholes out there who spend time on engineering pgp short-id collisions.
but if you search the keyservers for keys with my email address or by short key id, then you'll find some very clashing crap that does not belong to me at all:
$ gpg --batch --search-keys --keyid-format short B963BD5F ... 4096 bit RSA key B963BD5F, created: 2014-06-16, expires: 2016-11-02 (revoked) (expired) ... 4096 bit RSA key B963BD5F, created: 2013-11-03, expires: 2019-07-02 $ gpg --batch --search-keys --keyid-format short 5B586291 ... 1024 bit RSA key 5B586291, created: 2014-06-16 (revoked) ... 1024 bit RSA key 5B586291, created: 1996-08-03 $ gpg --batch --search-keys --keyid-format short 42BD645D ... 1024 bit DSA key 42BD645D, created: 1999-06-06, expires: 2015-09-11 (expired) 1024 bit RSA key 42BD645D, created: 2014-06-16, expires: 2015-09-10 (revoked) (expired)
in all three cases the key created on (or with the clock set to) 2014-06-16 is not mine, despite the short form of the key id matching mine. the long ids are different, just as expected.
morale: short key ids are passé, use the long ones and only the long ones.
morale 2: there's always some asshole somewhere who tries to wreck things just to wreck things.