OpenPGP headers

Moritz Schulte mo at
Mon Nov 15 19:09:51 CET 2004

On Mon, Nov 15, 2004 at 11:50:00AM -0500, Atom 'Smasher' wrote:

> let's say you get an email from "bob". you go to the keyservers and
> find several keys that claim to belong to bob, but you're not sure
> which one(s) are currently in use, or even which one ~really~
> belongs to bob (none of the keys are signed). this header ads a
> _convenience_ (that shouldn't be considered secure!) to determine
> what key bob is using.

Well, yes.  As i tried to clarify in my first mail: the information,
which makes most sense to me, is the key ID.  They key ID is
something, which cannot be derived from the mail, in case it is not

> if this header is adopted as a standard, it could also allow MUAs to 
> import a key when replying (but it must be understood that it's a 
> convenience that may not be secure).

Well.  gpg does that for me:

moritz at sarkutty:~/.gnupg $ grep auto gpg.conf
# auto-key-retrieve = automatically fetch keys as needed from the keyserver
keyserver-options auto-key-retrieve
moritz at sarkutty:~/.gnupg $


Moritz Schulte

More information about the Gnupg-devel mailing list