feature suggestion
David Shaw
dshaw at jabberwocky.com
Fri Jan 3 15:10:02 CET 2003
On Fri, Jan 03, 2003 at 02:04:26PM +0100, Werner Koch wrote:
> On Thu, 2 Jan 2003 21:36:07 -0500, David Shaw said:
>
> > It seems like a good idea to me as well, but I'm worried about what it
> > will mean for various programs that call GnuPG. The default GnuPG
> > config for Mutt, for example, uses the --quiet option. People may be
>
> I don't think that it is a good idea at all. The MUA should decide
> which address to display and GnuPG provides all required information.
>
> A MUA should even check that the From/Reply-to address matches one of
> the user ID in the signature. Without this it would be easy to trick
> someone to reply (probably including quoted decrypted text) to a man
> in the middle.

I agree with you, but - there is no good way for the MUA to get this
information right now. The text is currently:

gpg: Good signature from "primary uid"
gpg:                 aka "another uid"
gpg:                 aka "yet another uid"
gpg:                 aka "still another uid"

There is no --with-colons or --status-fd version of the display, so
the MUA needs to do a huge amount of string manipulation to extract
the user IDs out of the text output by GnuPG. Come to think, this
would be an excellent use of the USER_ID status tag we were talking
about...

As I see it, the suggested --quiet flag is a different issue. It would
just skip the "aka"s, and only on the "user readable" part of the
display. If there was a --status-fd set, all of the user IDs would be
sent there regardless of the --quiet setting of course.

David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
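
Added example, not part of the original message and not GnuPG or Mutt code: a sketch of the check discussed in the thread, scraping the user IDs from the human-readable "Good signature" / "aka" lines quoted above and flagging From/Reply-To addresses that match none of them. The function names, the sample message and the sample user IDs are constructed for illustration, and addresses are compared case-insensitively as an assumption.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# The two human-readable line shapes quoted in the message above.
_UID_LINE = re.compile(r'^gpg:\s+(Good signature from|aka)\s+"(.*)"\s*$')
_ADDR = re.compile(r'<([^<>@\s]+@[^<>@\s]+)>\s*$')  # trailing <addr> of a uid

def signer_uids(gpg_text):
    """User IDs listed under a 'Good signature' line, primary first."""
    uids, in_good = [], False
    for line in gpg_text.splitlines():
        m = _UID_LINE.match(line)
        if m and m.group(1) != "aka":
            in_good = True
        elif not m:
            in_good = False          # any other line ends the listing
        if m and in_good:            # an "aka" with no good signature is ignored
            uids.append(m.group(2))
    return uids

def uid_addresses(uids):
    """Lower-cased mail addresses of the uids; uids without one are skipped."""
    found = (_ADDR.search(u) for u in uids)
    return {m.group(1).lower() for m in found if m}

def unmatched_headers(raw_message, gpg_text):
    """From/Reply-To addresses that appear in no user ID of the signing key."""
    signed = uid_addresses(signer_uids(gpg_text))
    msg = message_from_string(raw_message)
    bad = {}
    for name in ("From", "Reply-To"):
        addrs = {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}
        if addrs - signed:
            bad[name] = sorted(addrs - signed)
    return bad

# Constructed sample data (names and addresses are made up).
GPG_TEXT = '''gpg: Good signature from "Alice Example <alice@example.org>"
gpg:                 aka "Alice Example (work) <alice@corp.example>"
gpg:                 aka "Alice's photo id"
'''
MSG_OK = "From: Alice <Alice@Example.ORG>\nSubject: hi\n\nbody\n"
MSG_REDIRECT = ("From: Alice Example <alice@example.org>\n"
                "Reply-To: Alice Example <alice@examp1e.net>\n"
                "Subject: hi\n\nbody\n")

if __name__ == "__main__":
    print(unmatched_headers(MSG_OK, GPG_TEXT))
    print(unmatched_headers(MSG_REDIRECT, GPG_TEXT))
```

The pattern is tied to the exact wording and layout of these text lines, so any change to that wording breaks the extraction.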