On Fri, 6 Dec 2002 09:22:40 +0100 Xavier Nodet <[EMAIL PROTECTED]> wrote:
> Actually, this 'auto-key-retrieve' option can be specified by the user
> in its gpg.conf (I guess... I will verify). So maybe we should not
> bother with that...

I verified that this option can be specified in the gpg.conf file. So I guess we can forget it for now. In the future, it could be interesting to provide some dialog asking the user if he wants to retrieve the missing key (with an option to remember the answer).

I had some other thoughts about PGP support. I will ask the gnupg-users[1] list about them, but if you're interested, read on...

1. Encryption/signing layers can be arbitrarily nested. For example, a message could be signed, encrypted, then signed again[2]. I'm not sure GPG handles all the levels on its own.

2. When a message is multiply signed as above, we should verify that the signatures have actually been done with the same key: the point in signing twice is to assert that the signer actually encrypted the document himself, thus proving that he wanted the recipient to get it (while, if a message is only signed then encrypted, the recipient could decrypt it, then forward it re-encrypted to a third person without this third person noticing that he was not the intended recipient).

3. When a message is signed, we should verify that the 'From:' header actually matches one of the IDs of the signing key. This prevents an attacker from forging headers to make the recipient believe he got the message from a third person.

As you can see, a complete crypto handling may be more complicated than just calling gpg with a few options... :( But I feel this is worthwhile, because not doing that could leave users with a false security feeling.

[1] <http://lists.gnupg.org/mailman/listinfo/gnupg-users>
[2] See <http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps> for reasons to do that.

--
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.
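The checks in points 2 and 3 of the message above, as an added example that is not part of the original message or of Mahogany's code: it reads `gpg --status-fd` output for each signature layer and a `gpg --with-colons` key listing. The function names and all sample data are constructed for illustration, and skipping revoked, expired or invalid user IDs is an assumption of this example.

```python
import re
from email.utils import getaddresses, parseaddr

# Constructed sample data (not a real key): status-fd output for the outer and
# inner signature layers, and a --with-colons listing of the signing key.
FPR = "A" * 40
OUTER_STATUS = (
    f"[GNUPG:] GOODSIG {FPR[-16:]} Alice Example <alice@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2002-12-06 1039162960 0 3 0 17 2 00 {FPR}\n"
)
INNER_STATUS = OUTER_STATUS
KEY_LISTING = (
    f"pub:u:1024:17:{FPR[-16:]}:1039000000:::u:::scESC:\n"
    "uid:u::::1039000000::0123::Alice Example <alice@example.org>:\n"
    "uid:r::::1039000000::4567::Alice Old <alice@old.example>:\n"
)

def valid_signers(status_text):
    """Primary-key fingerprints from VALIDSIG status lines (empty set if none)."""
    signers = set()
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            # The 10th argument is the primary key fingerprint when gpg reports
            # it; otherwise fall back to the signing key fingerprint.
            signers.add((parts[11] if len(parts) >= 12 else parts[2]).upper())
    return signers

def usable_uid_addresses(colons_text):
    """Addresses of user IDs not marked revoked, expired or invalid."""
    addrs = set()
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] == "uid" and len(f) > 9 and f[1] not in ("r", "e", "i", "n"):
            # gpg escapes ':' and control characters in user IDs as \xNN.
            uid = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), f[9])
            addr = parseaddr(uid)[1].lower()
            if addr:
                addrs.add(addr)
    return addrs

def from_matches_key(from_header, colons_text):
    """Point 3: the single From: mailbox must equal a usable UID address."""
    mailboxes = [a.lower() for _, a in getaddresses([from_header]) if a]
    return len(mailboxes) == 1 and mailboxes[0] in usable_uid_addresses(colons_text)

def same_signer(outer_status, inner_status):
    """Point 2: each layer has one valid signature, both from the same key."""
    outer, inner = valid_signers(outer_status), valid_signers(inner_status)
    return len(outer) == 1 and outer == inner
```

A mail client would call these after running gpg once per layer, and would warn the user whenever either function returns False rather than showing a plain "good signature" indication.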
