On Mittwoch, 1. September 2021 18:15:56 CEST Phil Pennock via Gnupg-users wrote: > On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote: > > On Mittwoch, 1. September 2021 07:55:21 CEST raf via Gnupg-users wrote: > > > Why is the --auto-key-locate only for encrypting (says > > > the gpg(1) manpage)? Wouldn't it also be useful when > > > receiving emails and verifying signatures? > > > > --auto-key-locate looks up keys by email address. It makes no sense when > > verifying signatures because in this case you already know the key id the > > signature was made with, so that there's no reason to look up the key by > > email address (which is ambiguous). > > If you're looking up purely by key id, then you need a working global > key-lookup facility. It doesn't federate. > > If you look up by email address, then federation becomes available and > efforts such as WKD pay off.
I concur. That's why --auto-key-retrieve also does a WKD lookup if the signature has the Signer's UID set. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users