>...and your threat model includes collisions.

OK, to be clear, I am specifically contending that a key fingerprint does not include collisions. My proof is empirical, that no one has come up with an attack on 64 bit PGP key fingerprints.

Collisions mean that an attacker can generate two or more messaging identities with the same fingerprint. How would that help them in some way?