On Sun, 29 May 2005, Dave Brondsema <[EMAIL PROTECTED]> wrote: > It would be useful, I think, to get a keyid from a signature, fetch > and update keys from a keyserver, and get names and email addresses > from a public key.
I'd prefer to have "fetch key" and "add key to keyring" as separate activities - and separate from verifying as well. > Just verifying the signature without showing who's key created it > (which depends on the above functionality) doesn't do a whole lot of > good. True. So verify*() should not only tell us whether the signature was valid, but also which key was used to sign. > Although computing a trust value is what *really* does good. That's why I had the ValidTrustedSignature and ValidUntrustedSignature states. So far I haven't looked into our implementation options to see whether they support trust calculations at all. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
