While writing in the "TOFU for GnuPG" thread it occurred to me that GnuPG does not look at whether we "trust" the other keys to which an incoming message was encrypted.

GnuPG looks at whether we "trust" keys we are about to encrypt to, and whether we "trust" keys that signed messages we have received. Wouldn't it be reasonable to also look at whether we "trust" other keys that are seen to be a party to the conversation?

Of course, this could only work for keys that were not obscured by the use of throw-keyids or hidden-recipient or hidden-encrypt-to. And if another copy were encrypted separately, we know nothing about it.

--
Best regards

MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net>

Wise men learn many things from their enemies.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
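An added example, not part of the original post and not GnuPG code: one way a wrapper script could approximate the check the post asks about, using output GnuPG already produces. It assumes the `ENC_TO` lines written with `--status-fd` and the `pub`/`sub` records of a `--with-colons` key listing; the function names, verdict strings and all sample data are constructed for illustration.

```python
# Added illustration, not GnuPG code. All sample data below is constructed.
HIDDEN = "0" * 16   # key ID reported when throw-keyids / hidden-recipient was used
VALID = {"m": "marginal", "f": "full", "u": "ultimate"}

SAMPLE_STATUS = """\
[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] ENC_TO 2222222222222222 1 0
[GNUPG:] ENC_TO 0000000000000000 1 0
[GNUPG:] ENC_TO 3333333333333333 18 0
"""
SAMPLE_KEYS = """\
pub:f:4096:1:AAAAAAAAAAAAAAAA:1400000000:::-:::scESC:
sub:f:4096:1:1111111111111111:1400000000::::::e:
pub:-:2048:1:BBBBBBBBBBBBBBBB:1400000000:::-:::scESC:
sub:-:2048:1:2222222222222222:1400000000::::::e:
"""

def recipients(status_text):
    """Key IDs from '[GNUPG:] ENC_TO <keyid> <algo> <len>' status lines."""
    rows = (line.split() for line in status_text.splitlines())
    return [p[2].upper() for p in rows
            if len(p) >= 3 and p[:2] == ["[GNUPG:]", "ENC_TO"]]

def validity_map(colons_text):
    """Map key ID (field 5) to validity letter (field 2) for pub/sub records."""
    rows = (line.split(":") for line in colons_text.splitlines())
    return {f[4].upper(): f[1] for f in rows
            if f[0] in ("pub", "sub") and len(f) > 4}

def classify(status_text, colons_text):
    """Return (key ID, verdict) for every recipient key seen on the message."""
    known = validity_map(colons_text)
    report = []
    for kid in recipients(status_text):
        if kid == HIDDEN:
            verdict = "hidden"            # obscured recipient: nothing to check
        elif kid not in known:
            verdict = "not in keyring"
        elif known[kid] in VALID:
            verdict = "valid (%s)" % VALID[known[kid]]
        else:
            verdict = "validity not established (%s)" % known[kid]
        report.append((kid, verdict))
    return report

if __name__ == "__main__":
    for kid, verdict in classify(SAMPLE_STATUS, SAMPLE_KEYS):
        print(kid, verdict)
```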