Signature as attachment ?

[Josh Huber]

Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes:

> If I send someone a message, and I've got his key, Gnus doesn't
> suggest to encrypt the message.

Agreed, this would be nice...

> If I request encryption, Gnus doesn't let me chose the keys to use.

use the "recipients" keyword in the secure tag.

> Sometimes, Gnus flags a signature which is valid as invalid (and
> IIRC vice versa).

I haven't seen this (that wasn't caused by an MTA making the signature
invalid).  Do you have a case where Gnus claims the signature is
valid, when you know it isn't?

> Gnus does not deal with trust at all.  From the Gnus perspective,
> all keys are trusted.

Perhaps I'm missing something here, but the output clearly indicates
when a signature is made by an untrusted key.  For example, earlier in
this thread:

[[PGP Signed Part:Michael Simonsen <m.simonsen@mail.dk> 
Untrusted, Fingerprint: D0F3 47EA 3007 7C83 E3C0 8AB5 AB7E 3CF1 BC1A
132C]] 

> Gnus does not include all diagnotic output it receives from GnuPG by
> default.  It should, crucial information might be omitted otherwise.

Well, perhaps.  There is quite a bit of output, and showing it all
would probably obscure the message on most people's screens :)

> Gnus cannot create symmetrically encrypted messages, I think.

Okay, but this is pretty low-priority, I would think.

> Gnus does not deal properly with encrypted messages which do not use
> OpenPGP/MIME (that's my impression, maybe it's a local configuration
> issue).

This works fine for me.  Or, did you mean sending?  Verifying
plaintext encrypted/signed messages works fine for me, but I think
there's still a bug when sending cleartext signed messages which have
attachments.

This is all moot, since it appears we're going with pgg now! :)

-- 
Josh Huber