feature suggestion

Janusz A. Urbanowicz alex at syjon.fantastyka.net
Fri Jan 3 15:30:01 CET 2003


On Fri, Jan 03, 2003 at 02:04:26PM +0100, Werner Koch wrote:
> On Thu, 2 Jan 2003 21:36:07 -0500, David Shaw said:
> 
> > It seems like a good idea to me as well, but I'm worried about what it
> > will mean for various programs that call GnuPG.  The default GnuPG
> > config for Mutt, for example, uses the --quiet option.  People may be
> 
> I don't think that it is a good idea at all.  The MUA should decide
> which address to display and GnuPG provides all required information.
> 
> A MUA should even check that the From/Reply-to address matches one of
> the user ID in the signature.  Without this it would be easy to trick
> someone to reply (probably including quoted decrypted text) to a man
> in the middle.

No MUA I know of, does this. Maybe the Mahogany will do.

I also don't know if it is good idea to enlist all possible addresses that I
may use in any context. I can think of about 8 addresses that my emails can
come from (that I use in various contexts and situations). Should I list all
of those in my key? Currently I list there only 3 addresses that are certain
to reach me. And listing all those during verification (below is output from
mutt) does not help much when there's From: <discussion list> for example.

[]
List-Archive: <http://lists.gnupg.org/pipermail/gnupg-users/>
X-Original-Date: Fri, 3 Jan 2003 13:30:58 +0100

[-- PGP output follows (current time: Fri Jan  3 14:39:11 2003) --]
gpg: Signature made Fri Jan  3 13:30:57 2003 CET using DSA key ID 4065A1DA
gpg: Good signature from "Thorsten Haude <yooden
gpg:                 aka "Thorsten Haude <yoo
gpg:                 aka "Thorsten Haude <yooden
gpg:                 aka "Thorsten Haude <thaude
gpg:                 aka "Thorsten Haude <mail
gpg:                 aka "Thorsten Haude <mutt
gpg:                 aka "Thorsten Haude <linux
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: 8F4A 9AA1 2876 74C1 28E9  4ACF 5BFC 7624 4065 A1DA
[-- End of PGP output --]

[-- The following data is signed --]

Hi,
[]

Alex




More information about the Gnupg-devel mailing list