OpenPGP headers
Moritz Schulte
mo at g10code.com
Mon Nov 15 19:09:51 CET 2004
On Mon, Nov 15, 2004 at 11:50:00AM -0500, Atom 'Smasher' wrote:
> let's say you get an email from "bob". you go to the keyservers and
> find several keys that claim to belong to bob, but you're not sure
> which one(s) are currently in use, or even which one ~really~
> belongs to bob (none of the keys are signed). this header ads a
> _convenience_ (that shouldn't be considered secure!) to determine
> what key bob is using.
Well, yes. As i tried to clarify in my first mail: the information,
which makes most sense to me, is the key ID. They key ID is
something, which cannot be derived from the mail, in case it is not
signed.
> if this header is adopted as a standard, it could also allow MUAs to
> import a key when replying (but it must be understood that it's a
> convenience that may not be secure).
Well. gpg does that for me:
moritz at sarkutty:~/.gnupg $ grep auto gpg.conf
# auto-key-retrieve = automatically fetch keys as needed from the keyserver
keyserver-options auto-key-retrieve
moritz at sarkutty:~/.gnupg $
Thanks,
Moritz
--
Moritz Schulte
More information about the Gnupg-devel
mailing list