GPG support in Mahogany

Michael Nahrath
Tue Dec 10 17:18:02 2002

Hash: SHA1

Xavier Nodet <> schrieb am 2002-12-10 16:25 Uhr:

> Something more specific to mails. When a message is signed, we should
> verify that the 'From:' header actually matches one of the IDs of the
> signing key.

IMHO this is nonsense. I use much more mail addresses as a sender than I
would like to bloat my key with (check this mail for an example).

With configuring my mailserver to redirect * to my account it is
no problem to have all these adresses valid.

You may give a one-time warning to your users, that a discrepance betwheen
signing-key UID and From:-header might be seen as unpolite by some people
(although not by me).

Just think of all the people who write from a role-account! They can't all
include <support@company.TLD> into their personal key.

Greeting, Michi=20

Version: GnuPG v1.3.1 (Darwin)

-----END PGP SIGNATURE-----GNATURE-----=A4=055{CzA=A4=13=03=01avl cprmlo