On Sep 22, 2009, at 4:40 PM, Daniel Kahn Gillmor wrote:

On 09/22/2009 04:09 PM, John W. Moore III wrote:
John Clizbe wrote:

IIRC, it's the first usable key with a matching User ID. Period. First one it
can use.

thanks for catching that, John. It appears that if the first key with a matching User ID doesn't have full calculated validity, the user gets a scary warning that "There is no assurance this key belongs to the named user", and then:

   It is NOT certain that the key belongs to the person named
   in the user ID.  If you *really* know what you are doing,
   you may answer the next question with yes.

It does this even if there is a full-valid match later in the keyring!

This doesn't seem like friendly or reasonable behavior for the power
user, let alone the novice user.

My usual 'solution' for this is to 'Disable' the non-preferred or unused Key until such time as it is Revoked or I have been otherwise informed it is deprecated beyond any further use.

I'm assuming you mean "gpg --edit-key 0xDECAFBAD" followed by the
"disable" subcommand.

What do y'all think should actually be happening here?

I think the current behavior is the right one. Otherwise we break however many baked-in uses out there (scripts, etc), to say nothing of having to explain to people why a particular key was chosen. "We pick the first valid key" cannot be misunderstood or confuse anyone.

Yes, it's wrong for some situations. But every behavior is wrong for some situations. This particular "wrong" behavior has almost 20 years of history behind it.

David
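Added example, not from the thread or from GnuPG itself: a small model of the "first usable key with a matching User ID" rule over a constructed `gpg --list-keys --with-colons` listing, so you can check whether a recipient address is ambiguous in your keyring and whether the disable workaround changes the outcome. Key IDs, timestamps and UID hashes in the sample are placeholders.

```python
# Constructed sample listing (placeholder key IDs): two keys carry the same
# e-mail address. The first has unknown validity ('-'), the second is fully
# valid ('f'). Field 2 is validity, field 5 the key ID, field 12 capabilities.
SAMPLE_LISTING = """\
pub:-:2048:1:0000000000000001:1253000000::::::scESC::::::
uid:-::::1253000000::PLACEHOLDERHASH1::Alice Example <alice@example.org>::::::::::0:
pub:f:4096:1:0000000000000002:1253100000::::::scESC::::::
uid:f::::1253100000::PLACEHOLDERHASH2::Alice Example <alice@example.org>::::::::::0:
pub:f:4096:1:0000000000000003:1253200000::::::scESC::::::
uid:f::::1253200000::PLACEHOLDERHASH3::Bob Example <bob@example.org>::::::::::0:
"""

FULLY_VALID = {"f", "u"}              # full or ultimate calculated validity
UNUSABLE = {"r", "e", "d", "n", "i"}  # revoked, expired, disabled, never, invalid

def parse_listing(listing):
    """Return a list of {keyid, validity, disabled, uids} dicts in keyring order."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # 'D' in the capabilities field marks a key disabled via --edit-key
            keys.append({"keyid": f[4], "validity": f[1],
                         "disabled": "D" in f[11], "uids": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys

def matching_keys(listing, email):
    """All keys (usable or not) with a user ID containing <email>."""
    needle = "<%s>" % email.lower()
    return [k for k in parse_listing(listing)
            if any(needle in uid.lower() for uid in k["uids"])]

def select_key(listing, email):
    """Model the rule from the thread: first usable key whose user ID matches.

    Returns (keyid, warns, better_later): `warns` is True when the chosen key
    is not fully valid (the "no assurance" prompt), `better_later` when a fully
    valid match sits further down the keyring and would have been skipped.
    """
    candidates = [k for k in matching_keys(listing, email)
                  if not k["disabled"] and k["validity"] not in UNUSABLE]
    if not candidates:
        return None, False, False
    chosen, rest = candidates[0], candidates[1:]
    warns = chosen["validity"] not in FULLY_VALID
    better_later = warns and any(k["validity"] in FULLY_VALID for k in rest)
    return chosen["keyid"], warns, better_later

def disable_key(listing, keyid):
    """Model the 'disable' workaround: add 'D' to that key's capabilities field."""
    out = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and f[4] == keyid and "D" not in f[11]:
            f[11] += "D"
        out.append(":".join(f))
    return "\n".join(out) + "\n"
```

Running `select_key` over a real listing (`gpg --list-keys --with-colons`) for each address you routinely encrypt to flags the cases where the chosen key is not the one you would expect.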


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
