Do you auto fetch GPG keys?

To: Mutt Users List <mutt-users@xxxxxxxx>
Subject: Do you auto fetch GPG keys?
From: Chris Willard <chris@xxxxxxxxxxxxxxxxx>
Date: Thu, 15 Jun 2006 20:29:48 +0100
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Organization: TheWillards
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.9i

Hi All,

I have just installed GPG to use with Mutt.

There seem to be 2 opinions regarding the automatic downloading of keys
from key servers. Some say that it is OK and others think that it is a
security risk!

From what I understand if I download a key then I know that a message I
receive has been signed or encrypted by the key but I can not be sure
that the key is from the person due to man in the middle attacks?

From what I have read it is OK to download but then to be sure that the
key is actually from the intended recipient we need to confirm our key
fingerprints.

Any opinions on these would be appreciated as I am not sure to download
keys or not at the moment!

Regards,

Chris


-- 
/*       _\|/_
         (o o)
 +----oOO-{_}-OOo-----------------------------------+
 |Chris Willard <chris@xxxxxxxxxxxxxxxxx>           |
 |                                                  |
 |My guru said there would be lifetimes like this...|
 |                                                  |
 +-------------------------------------------------*/

Follow-Ups:
- Re: Do you auto fetch GPG keys?
  - From: Chris Willard
- Re: Do you auto fetch GPG keys?
  - From: René Clerc
- Re: Do you auto fetch GPG keys?
  - From: Thomas Roessler

Prev by Date: Re: national chars - libiconv not used?
Next by Date: Re: Do you auto fetch GPG keys?
Previous by thread: Re: Placing vim cursor on *second* blank line on startup
Next by thread: Re: Do you auto fetch GPG keys?
Index(es):
- Date
- Thread