OpenPGP headers

Atom 'Smasher' atom at suspicious.org
Mon Nov 15 19:16:31 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 15 Nov 2004, Moritz Schulte wrote:

> On Mon, Nov 15, 2004 at 11:50:00AM -0500, Atom 'Smasher' wrote:
>
>> let's say you get an email from "bob". you go to the keyservers and 
>> find several keys that claim to belong to bob, but you're not sure 
>> which one(s) are currently in use, or even which one ~really~ belongs 
>> to bob (none of the keys are signed). this header adds a _convenience_ 
>> (that shouldn't be considered secure!) to determine what key bob is 
>> using.
>
> Well, yes.  As I tried to clarify in my first mail: the information, 
> which makes most sense to me, is the key ID.  The key ID is something, 
> which cannot be derived from the mail, in case it is not signed.
===================

the "url" seems to be of general interest. for the sake of v3 keys and/or 
paranoid persons, the other fields seem to be of interest to people.


>> if this header is adopted as a standard, it could also allow MUAs to 
>> import a key when replying (but it must be understood that it's a 
>> convenience that may not be secure).
>
> Well.  gpg does that for me:
>
> moritz at sarkutty:~/.gnupg $ grep auto gpg.conf
> # auto-key-retrieve = automatically fetch keys as needed from the keyserver
> keyserver-options auto-key-retrieve
======================

that only works if you're replying to a signed message.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Vietnam was the first war ever fought without
 	 any censorship. Without censorship, things can
 	 get terribly confused in the public mind."
 		-- General William Westmoreland

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----
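
Added example (not part of the original post, and not GnuPG code): one way a mail client could use the header discussed above as an untrusted hint to narrow down several unsigned keyserver results for an unsigned mail. The `OpenPGP: id=...; url=...` syntax, the sample mail and the fingerprints are constructed assumptions; the thread names the fields but does not show the header itself.

```python
from email import message_from_string
from urllib.parse import urlsplit

# Constructed unsigned mail; the "id=...; url=..." syntax is an assumption,
# the thread names the fields but does not show the header itself.
SAMPLE = ("From: bob@example.org\n"
          "OpenPGP: id=1234ABCD; url=https://example.org/bob.txt\n"
          "\n"
          "unsigned body\n")

# Constructed fingerprints of unsigned keyserver results claiming to be bob.
CANDIDATES = ["0123456789ABCDEF0123456789ABCDEF01234567",
              "AAAABBBBCCCCDDDDEEEEFFFF000011111234ABCD",
              "999988887777666655554444333322221234ABCD"]

def parse_hint(raw):
    """Extract a sanitised id/url hint from the (unauthenticated) header."""
    value = message_from_string(raw).get("OpenPGP", "")
    fields = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            fields[name.strip().lower()] = val.strip()
    key_id = fields.get("id", "").replace(" ", "").upper()
    if key_id.startswith("0X"):
        key_id = key_id[2:]
    # Accept only a short id, long id or full fingerprint, hex digits only.
    if len(key_id) not in (8, 16, 40) or any(c not in "0123456789ABCDEF" for c in key_id):
        key_id = ""
    url = fields.get("url", "")
    # Never hand anything but a plain web URL to a key fetcher.
    if urlsplit(url).scheme not in ("http", "https"):
        url = ""
    return {"id": key_id, "url": url}

def select_key(raw, fingerprints):
    """Narrow the candidates with the hint; the result is never 'trusted'."""
    key_id = parse_hint(raw)["id"]
    if not key_id:
        return "no-hint", []
    matches = [f for f in fingerprints if f.upper().endswith(key_id)]
    if not matches:
        return "no-match", []
    # An 8-hex id can match several keys; only a unique hit is usable,
    # and even then it must be verified out of band before it is trusted.
    return ("candidate" if len(matches) == 1 else "ambiguous"), matches

if __name__ == "__main__":
    print(parse_hint(SAMPLE))
    print(select_key(SAMPLE, CANDIDATES))
```

With the constructed data the 8-digit id matches two of the three candidates, so the hint alone does not settle which key is bob's; a longer id narrows it to one candidate, which is still unverified.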



More information about the Gnupg-devel mailing list