On Tue, Nov 04, 2003 at 01:33:21PM -0500, David Yitzchak Cohen wrote:
> On Tue, Nov 04, 2003 at 12:43:44PM -0500, Rouben Rostamian wrote:
>
> > I have not experimented with pgp-signing mainly because I am not quite
> > convinced of its value in casual communications, such as messages sent
> > to this, or any other, mailing list.
>
> When some spammer starts sending all sorts of crap to a list you're on
> claiming to be you, you may rapidly become convinced of its value.

I am one who definitely sees its value, but I'm rather new to GPG and I'm
having some trouble with the automatic key fetching function in Mutt (see
further down).

> > On the other hand, I find signed messages annoying. I don't have
> > any of senders' public keys -- this is an international forum, after
> > all -- so pgp verification always fails.
>
> Well, you can set GPG to automatically fetch keys, or you can manually fetch
> keys you care about (which is what I do, with a handy little script).

How does this actually work? I have my pgp_getkeys_command set to:

    gpg --keyserver hkp://wwwkeys.pgp.net --recv-keys %r

Should this work, provided that the sender of the signed email I'm reading
has its public key exported to this server (or any other? how does HKP
work?).

And also, in your mail (the one I'm replying to now) I see these headers:

    X-GPG-Key: http://www.bigfatdave.com/dave/public.key
    X-GPG-Key-Direct-Link: http://67.81.72.42:8000/dave/public.key
    X-GPG-Key-Old-Location1: http://www.dave.tj/dave/public.key
    X-GPG-Key-Old-Location2: http://www.dave.tj:8080/dave/public.key
    X-GPG-Key-Old-Location3: http://www.dave.tj:8000/dave/public.key
    X-GPG-Notice: Remember: if it ain't signed, don't assume I sent it!

Verification of your signature fails on my setup. How can I tell Mutt to
download your public key from the URL specified by the
X-GPG-Key-Direct-Link header and import it into my keyring?

I've looked through the online manual, but can't see anything about these
headers; maybe I'm missing something.

Sincerely,
Aron Stansvik

PS. Could you successfully verify the signature of this email? I have
exported my public key to hkp://wwwkeys.pgp.net. DS.

--
unemployed
Attachment:
pgpl3EVxcQNFh.pgp
Description: PGP signature
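
Added example (not part of the original message, and not the "handy little script" mentioned in the quoted reply): a small filter that reads a raw message and lists the key URLs advertised in the X-GPG-Key* headers quoted above. The function name key_urls, the preference order and the include_old switch are assumptions made for this illustration; the header names are treated as the sender's own convention.

```python
import sys
from email import message_from_string
from urllib.parse import urlsplit

# Header names come from the message above. They are sender-defined X- headers,
# so this script, not the mail client, decides what to do with them.
CURRENT = ("x-gpg-key-direct-link", "x-gpg-key")  # preference order (assumption)
OLD_PREFIX = "x-gpg-key-old-location"


def key_urls(raw_message, include_old=False):
    """Return candidate public-key URLs found in X-GPG-Key* headers."""
    msg = message_from_string(raw_message)
    found = []
    for name, value in msg.items():
        lname = name.lower()
        if lname in CURRENT:
            rank = CURRENT.index(lname)
        elif include_old and lname.startswith(OLD_PREFIX):
            rank = len(CURRENT)
        else:
            continue
        url = value.strip()
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, ignore the header
        # Accept only http(s) URLs that name a host; drop everything else.
        if parts.scheme in ("http", "https") and parts.hostname:
            found.append((rank, url))
    # sorted() is stable, so header order is kept within one rank.
    return [url for _, url in sorted(found, key=lambda item: item[0])]


# Constructed sample: headers copied from the message above plus a dummy body.
SAMPLE = """\
X-GPG-Key: http://www.bigfatdave.com/dave/public.key
X-GPG-Key-Direct-Link: http://67.81.72.42:8000/dave/public.key
X-GPG-Key-Old-Location1: http://www.dave.tj/dave/public.key
X-GPG-Notice: Remember: if it ain't signed, don't assume I sent it!

body
"""

if __name__ == "__main__":
    # Pipe a message in from the mail client, or run on a terminal for the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(key_urls(raw)))
```

A URL printed this way can be handed to gpg --fetch-keys. The headers sit outside the signed part of the message, so a key obtained from them says nothing about who sent the mail until its fingerprint has been compared over another channel.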