Re: retrieving gpg-keys

To: mutt-users@xxxxxxxx
Subject: Re: retrieving gpg-keys
From: Jens Kubieziel <mutt-user@xxxxxxxxxxxx>
Date: Sun, 7 Nov 2004 22:26:24 +0100
In-reply-to: <20041107181647.GB23671@xxxxxxx>
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-users@xxxxxxxx
Organisation: Qbi's Welt
References: <20041107114633.GD3969@xxxxxxxxxxxx> <20041107152940.GA31853@xxxxxxxxxxxxxxxxxxx> <20041107160415.GJ3969@xxxxxxxxxxxx> <20041107181647.GB23671@xxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.6+20040818i

* Stewart V. Wright schrieb am 2004-11-07 um 19:16 Uhr:
> * Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 10:10]:
> > I use random.sks.keyserver.penguin.de or subkeys.pgp.net as keyserver
> > and auto-key-retrieve is set. However it doesn't seem to work.
> 
> Big hint here... RTFM for GnuPG.  auto-key-retrieve is described as:
>         This option enables  the  automatic  retrieving  of
>         keys  from  a  keyserver  when verifying signatures
>         made by keys that are not on the local keyring.

Argl, I read over the "verifying signatures"-part.

> Spoiler: What you are asking for is NOT built in to mutt.  You might be 
> able to hack something together, but do you really want to?

Yes, under some circumstances.

> To get someone's (Open-)PGP key, you need to know somewhere to get it 
> from.  You seem to trust a couple of web sites so either use their web 

Keyserver, the others website and so on.

> Doing this sort of preemptive key retrieval is bad on sooooo many levels.  
> Firstly there is the network overhead.  How many people actually use 
> Open-PGP?  Not many.  So you will be thrashing the network every time you 
> want to email a person who doesn't have a key (if you don't care about 

Maybe I didn't made myself clear. I don't want to query a keyserver for
each mail I write. It should only happen when I want to write an
encrypted mail *and* don't have the others key in my keyring.

> The second major problem is the security aspect.  Having a key listed on 
> one of the key servers means NOTHING.  There is no guarantee that a key 
> that is listed as belonging to yourfriend@xxxxxxxxxxxx has anything to do 
> with that person.  The security in Open-PGP comes from the Web of Trust - 

ACK.  But assume I want to write a mail to RMS. He is actually not in my
keyring, but when calculating the path to him
(<URL:http://webware.lysator.liu.se/jc/wotsap/?top=0x135EA668&bottom=0xEE0977E8>)
I can be sure that 0x135EA668 is the right key. However in that (and
case normally only then) I want to fetch the key from mutt.

Thanks for your hints. Maybe I will write something that solves that
problem.
-- 
Jens Kubieziel                                   http://www.kubieziel.de
FdI#256: Lösung
So etwas ähnliches wie ein Produkt, nur etwas teurer und nicht
so ausgereift. (Dietz Proepper)

Follow-Ups:
- Re: retrieving gpg-keys
  - From: Stewart V. Wright

References:
- retrieving gpg-keys
  - From: Jens Kubieziel
- Re: retrieving gpg-keys
  - From: Robert Kowalski
- Re: retrieving gpg-keys
  - From: Jens Kubieziel
- Re: retrieving gpg-keys
  - From: Stewart V. Wright

Prev by Date: Re: html mails as text in mutt
Next by Date: Re: retrieving gpg-keys
Previous by thread: Re: retrieving gpg-keys
Next by thread: Re: retrieving gpg-keys
Index(es):
- Date
- Thread