On 26/10/14 15:28, Hauke Laging wrote: > THEY do know anyway that you (really you in this case) encrypt to a > certain key as long as SMTP is used (as usual) and the target key ID is > not hidden (as usual, too).
First of all, the number of parties in the know is enlarged by doing the keyserver query. Somebody with access to the SMTP session always knows: the sending and receiving mail providers and anybody who can listen in on that connection. But you add a keyserver to that. Secondly, more to the point, after thinking about it, I think it does make more sense to incorporate this into GnuPG proper (as an optional feature; --auto-key-locate seems appropriate). The main motivation is that it sounds like a good option for many casual users who are not particularly worried about the problem of leaking social and usage data to keyservers, and those people will not install parcimonie. And my argument of leveraging code already written equally applies to GnuPG, that was a bit of a silly argument in retrospect :). --auto-key-locate automatically retrieves unknown keys. I think it makes sense to include expired keys, triggering a refresh. Or is there a use case where this is unwanted? HTH, Peter. PS: I didn't quite understand the different "you"s in your mail; they all appear to refer to "anyone". But it doesn't seem important. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
