On Thu, Sep 02, 2021 at 01:10:40PM +0200, Ingo Klöcker <kloec...@kde.org> wrote:
> On Thursday, 2 September 2021 01:28:42 CEST raf via Gnupg-users wrote:
> > On Wed, Sep 01, 2021 at 01:50:36PM +0200, Ingo Klöcker <kloec...@kde.org> wrote:
> > > On Wednesday, 1 September 2021 07:55:21 CEST raf via Gnupg-users wrote:
> > > > Why is the --auto-key-locate only for encrypting (says
> > > > the gpg(1) manpage)? Wouldn't it also be useful when
> > > > receiving emails and verifying signatures?
> > >
> > > --auto-key-locate looks up keys by email address. It makes no sense when
> > > verifying signatures because in this case you already know the key id the
> > > signature was made with, so that there's no reason to look up the key by
> > > email address (which is ambiguous).
> >
> > Thanks. I don't understand why it makes no sense, but
> > I'll take your word for it. But I can think of a reason
> > to look up the key by email address even though you
> > have the keyid from the signature: when the key is not
> > on a keyserver or a WKD server, but is in a DNS
> > OPENPGPKEY record (DANE). But perhaps that's not a thing.
>
> I retract my claim that it makes no sense. It can make sense and that's why
> --auto-key-retrieve also does a lookup by email address on WKD.
>
> > > The equivalent for automatic look-up of keys when verifying signatures is
> > > --auto-key-retrieve.
> >
> > Thanks, but the manpage doesn't include DANE as one of
> > the lookup methods for that option. That's what I was
> > hoping for.
> >
> > Since this option does a WKD lookup if wkd is in the
> > auto-key-locate list (and --disable-signer-uid isn't
> > used), it seems that it would make sense to do a DANE
> > lookup if dane is in the auto-key-locate list (and
> > --disable-signer-uid isn't used).
>
> So what you actually want is that --auto-key-retrieve also does a DANE lookup
> or in fact all kinds of lookup supported by --auto-key-locate. Did you check
> that it does not already do this (even if the man page doesn't mention it)? If
> yes, then I'd say submit a request for this feature at https://dev.gnupg.org.
>
> Regards,
> Ingo

I didn't check. I just based it on the manpage.
I just checked the NEWS file, and there's no mention
of such functionality. I'll submit a feature request.
Thanks.

cheers,
raf
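
Added example, not part of the thread and not GnuPG's code: both lookups discussed above are addressed purely by email address, which is why a verifier needs the signer's user ID (and not just the key id from the signature) to perform them. The sketch derives the WKD URL (advanced method of the Web Key Directory draft) and the DANE OPENPGPKEY query name (RFC 7929); the function names and sample addresses are assumptions chosen for illustration.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD to encode the hashed local part
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def split_addr(addr):
    """Split an address into (local part as given, lowercased domain)."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    return local, domain.lower()


def zbase32(data):
    """Encode bytes whose bit length is a multiple of 5 (SHA-1 is 160 bits)."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("input length not a multiple of 5 bits")
    n = int.from_bytes(data, "big")
    return "".join(ZBASE32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def wkd_url(addr):
    """WKD advanced-method URL: SHA-1 of the ASCII-lowercased local part."""
    local, domain = split_addr(addr)
    # bytes.lower() folds ASCII letters only, leaving non-ASCII untouched
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    return (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
            f"{domain}/hu/{zbase32(digest)}?l={quote(local, safe='')}")


def dane_qname(addr):
    """OPENPGPKEY owner name: SHA-256 of the local part, first 28 octets, hex."""
    local, domain = split_addr(addr)
    # the local part is hashed as given here (no case folding)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


if __name__ == "__main__":
    # Constructed sample addresses on reserved example domains
    for addr in ("Joe.Doe@Example.ORG", "hugh@example.com"):
        print(addr)
        print("  WKD :", wkd_url(addr))
        print("  DANE:", dane_qname(addr))
```

Neither name contains the key id or fingerprint, so the key that comes back still has to be matched against the key id in the signature before it is used for verification.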