ID Substring Matching

Lann Martin lann-gnupg at hurricanelabs.com
Fri Sep 5 21:17:38 CEST 2008


I suggest that the current behavior for resolving recipients be changed:

If I specify a recipient on the command line, say:
-r friendly at example.com
gpg may select <unfriendly at example.com> as the actual recipient. Despite
being documented in the manual, this feature is potentially dangerous
for the inexperienced GnuPG user (me). Also, it is an uncommon enough
issue that one could go a long time without running into it and
realizing the correct way of specifying an exact address
(<friendly at example.com>).

I see several ways to resolve this:

1. Don't make substring matching the default (it would still be
available with the * prefix). This would be a compatibility problem, but
maybe worth it.

2. Try to match recipients with a '@' in the string as an exact e-mail
address first, falling back on sub-string matching. This isn't ideal, as
it still could behave badly if the true recipient isn't in your keyring.

3. At least warn users when a recipient is resolved with substring
matching (and the * prefix isn't used). This will give users a chance to
learn the correct syntax before making a potentially costly mistake.

-Lann Martin



More information about the Gnupg-devel mailing list