On 2000-01-28 09:59:17 +0100, Terje Elde wrote:
>> First of all, it may quite well be possible that there is a
>> unique key matching an e-mail address with a fully valid user
>> id to key association. In this case, there is no need to ask
>> the user.
> True, never actually seen it happen tho :)
I have this quite frequently.
>> Then, the software should tell the user about the validity of
>> the keys it presents to him.
> GPG will do that for you. And in any case, you should not do a
> validity check until *after* the user have selected which key to
> use.
You don't seem to understand my point here. There are situations in
which one e-mail address maps to multiple keys, but some of these
keys don't belong to the person reachable under that address. Now,
imagine you have working key server support (I have ;-), that is,
you regularly fetch PGP public keys from the key servers based on
the e-mail addresses you want to send encrypted e-mail to.
This means you automatically have those fake keys on your public key
ring. Now, what happens? Mutt offers a whole bunch of keys to you,
so you can select the right key. How do you decide which key is the
right one to use? You have to look at the validity information
computed from the web of trust. Thus, Mutt needs this information.
--
http://www.guug.de/~roessler/
