feature suggestion

David Shaw dshaw at jabberwocky.com
Fri Jan 3 15:10:02 CET 2003

On Fri, Jan 03, 2003 at 02:04:26PM +0100, Werner Koch wrote:
> On Thu, 2 Jan 2003 21:36:07 -0500, David Shaw said:
> > It seems like a good idea to me as well, but I'm worried about what it
> > will mean for various programs that call GnuPG.  The default GnuPG
> > config for Mutt, for example, uses the --quiet option.  People may be
> I don't think that it is a good idea at all.  The MUA should decide
> which address to display and GnuPG provides all required information.
> A MUA should even check that the From/Reply-to address matches one of
> the user ID in the signature.  Without this it would be easy to trick
> someone to reply (probably including quoted decrypted text) to a man
> in the middle.

I agree with you, but - there is no good way for the MUA to get this
information right now.  The text is currently:

gpg: Good signature from "primary uid"
gpg:                 aka "another uid"
gpg:                 aka "yet another uid"
gpg:                 aka "still another uid"

There is no --with-colons or --status-fd version of the display, so
the MUA needs to do a huge amount of string manipulation to extract
the user IDs out of the text output by GnuPG.  Come to think, this
would be an excellent use of the USER_ID status tag we were talking

As see it, the suggested --quiet flag is a different issue.  It would
just skip the "aka"s, and only on the "user readable" part of the
display.  If there was a --status-fd set, all of the user IDs would be
sent there regardless of the --quiet setting of course.


   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list