On Sat, 2016-02-20 at 23:49 +0100, Rudolf Künzli wrote: > > My key weren't confirmed in my sent messages before I trusted my > own > > key. So I guess that's what other people that trust me have to do > > too. > > IMHO your public key should be attached/sent with your signature. In > that case I could store your public key on my system (evolution) and > use it directly to encrypt my messages sent to you. > Naturally I could > search on gpg.mit.edu, but getting the public key directly would make > my life more easy!
This is not the way it's supposed to work. If I don't check the public key is trusted, why should I believe a message signed with it? Simply picking up the key with the message is tantamount to doing nothing. I must either know the key beforehand (i.e. I have it in my keyring) or I fetch it from a public server and check who vouches for it. poc
signature.asc
Description: This is a digitally signed message part
_______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
