<<< Date Index >>>     <<< Thread Index >>>

Re: retrieving gpg-keys



* Stewart V. Wright schrieb am 2004-11-07 um 19:16 Uhr:
> * Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 10:10]:
> > I use random.sks.keyserver.penguin.de or subkeys.pgp.net as keyserver
> > and auto-key-retrieve is set. However it doesn't seem to work.
> 
> Big hint here... RTFM for GnuPG.  auto-key-retrieve is described as:
>         This option enables  the  automatic  retrieving  of
>         keys  from  a  keyserver  when verifying signatures
>         made by keys that are not on the local keyring.

Argl, I read over the "verifying signatures"-part.

> Spoiler: What you are asking for is NOT built in to mutt.  You might be 
> able to hack something together, but do you really want to?

Yes, under some circumstances.

> To get someone's (Open-)PGP key, you need to know somewhere to get it 
> from.  You seem to trust a couple of web sites so either use their web 

Keyserver, the others website and so on.

> Doing this sort of preemptive key retrieval is bad on sooooo many levels.  
> Firstly there is the network overhead.  How many people actually use 
> Open-PGP?  Not many.  So you will be thrashing the network every time you 
> want to email a person who doesn't have a key (if you don't care about 

Maybe I didn't made myself clear. I don't want to query a keyserver for
each mail I write. It should only happen when I want to write an
encrypted mail *and* don't have the others key in my keyring.

> The second major problem is the security aspect.  Having a key listed on 
> one of the key servers means NOTHING.  There is no guarantee that a key 
> that is listed as belonging to yourfriend@xxxxxxxxxxxx has anything to do 
> with that person.  The security in Open-PGP comes from the Web of Trust - 

ACK.  But assume I want to write a mail to RMS. He is actually not in my
keyring, but when calculating the path to him
(<URL:http://webware.lysator.liu.se/jc/wotsap/?top=0x135EA668&bottom=0xEE0977E8>)
I can be sure that 0x135EA668 is the right key. However in that (and
case normally only then) I want to fetch the key from mutt.

Thanks for your hints. Maybe I will write something that solves that
problem.
-- 
Jens Kubieziel                                   http://www.kubieziel.de
FdI#256: Lösung
So etwas ähnliches wie ein Produkt, nur etwas teurer und nicht
so ausgereift. (Dietz Proepper)