key generation: email-address necessary?

Martin Bretschneider mailing-lists-mmvi at bretschneidernet.de
Sat Feb 27 17:29:16 CET 2010 

Am Samstag 27 Februar 2010 schrieb Laurent Jumet:
> Hello Martin !
> 
> Martin Bretschneider <mailing-lists-mmvi at bretschneidernet.de> wrote:
> >>     You can use whatever you want to identify your key.
> >>     But in some cases, mail programs expect to find your e-mail.
> >
> > that was my expectation as well. But what do the email clients do
> > then? Do they say "no key available" or do the look for the name?
> > What are your experiences?
> 
>     They can call another key with a similar name. :-)
> 
>     It's not easy to answer that question, as it depends on your own
>  system. When you read a signed message, GPG provides a way to call
>  automatically the sender's public key on your designed servers, when
>  it doesn't find it in your PubRing; it goes on the Net, retrieves
>  the key, incorporates it in your KeyRing and than verifyes the
>  signature on the message. This process can abort if ID's doesn't
>  match.

I know that it depends on the system; this is why I wrote the email 
since I think that here are people that know GnuPG in combination with 
several email clients...

Let's break down the problem: A and B have public keys on some 
keyserver. A has no email address in his public key, B does.

AFAIK there are these four use cases concering emails and OpenPGP:

1: A sends a signed email to B. 
2: A sends a (signed and) encrypted email to B. 
3: B sends a signed email to A. 
4: B sends a (signed and) encrypted email to A. 

Use case 1 and 2 should be no problem. Based on the key information 
saved in the signature the email client of B should get the public key 
of A. The email adress does not matter.

Use case 3 should also be no problem since it does not deals with A 
public key.

Use case 4 is the problematic one, B's email client does not know 
anything about A. B's email client could search for A fore- and surename 
on a keyserver...

What do you think?

TIA  Martin



-- 
http://www.bretschneidernet.de/        OpenPGP-key: 0x4EA52583
           _o)(o_                         Sallust:
         -./\\//\.-              Nam idem velle atque idem
          _\_VV_/_          nolle, ea demum firma amicitia est.

More information about the Gnupg-users mailing list