OpenPGP headers

Atom 'Smasher' atom at
Mon Nov 15 19:16:31 CET 2004

On Mon, 15 Nov 2004, Moritz Schulte wrote:

> On Mon, Nov 15, 2004 at 11:50:00AM -0500, Atom 'Smasher' wrote:
>> let's say you get an email from "bob". you go to the keyservers and 
>> find several keys that claim to belong to bob, but you're not sure 
>> which one(s) are currently in use, or even which one ~really~ belongs 
>> to bob (none of the keys are signed). this header adds a _convenience_ 
>> (that shouldn't be considered secure!) to determine what key bob is 
>> using.
> Well, yes.  As I tried to clarify in my first mail: the information, 
> which makes most sense to me, is the key ID.  The key ID is something, 
> which cannot be derived from the mail, in case it is not signed.

the "url" seems to be of general interest. for the sake of v3 keys and/or 
paranoid persons, the other fields seem to be of interest to people.

>> if this header is adopted as a standard, it could also allow MUAs to 
>> import a key when replying (but it must be understood that it's a 
>> convenience that may not be secure).
> Well.  gpg does that for me:
> moritz@sarkutty:~/.gnupg $ grep auto gpg.conf
> # auto-key-retrieve = automatically fetch keys as needed from the keyserver
> keyserver-options auto-key-retrieve

that only works if you're replying to a signed message.

-- 

  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Vietnam was the first war ever fought without
 	 any censorship. Without censorship, things can
 	 get terribly confused in the public mind."
 		-- General William Westmoreland


More information about the Gnupg-devel mailing list