On 06/29/2009 07:27 PM, reynt0 wrote: > I guess WK's comment is about complete strangers sending you > email?
I think that wasn't his point. I think Werner's point was that when
people send encrypted mail, they use a mail user agent (e.g. thunderbird
with enigmail, outlook with the gpg plugin, claws, mutt, etc). the MUA
is usually responsible for selecting which key to encrypt the message
to. It does so by asking GPG to find a key which matches the e-mail
address.
If you choose a user ID which does not exactly match your e-mail
address, gpg (and thus the MUA) has no way of selecting the right key to
encrypt to automatically.
Some user agents include special features for mapping e-mail addresses
to keys manually (e.g. enigmail in thunderbird allows this), but it's
yet another step in an already cumbersome process.
Werner's point (i think) was that by raising the bar still further,
you're simply discouraging people from encrypting mails to you in the
first place, and not protecting yourself that much from harvesters, who
have many other ways to get yer address (from posts to this public
mailing list, for example).
It's a bad tradeoff.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
