* Thomas Roessler ([EMAIL PROTECTED]) [000128 10:56]:
> On 2000-01-28 09:59:17 +0100, Terje Elde wrote:
>
> >> First of all, it may quite well be possible that there is a
> >> unique key matching an e-mail address with a fully valid user
> >> id to key association. In this case, there is no need to ask
> >> the user.
>
> > True, never actually seen it happen tho :)
>
> I have this quite frequently.
Yes, but do you have the problem that only 10% of your keys seem to be
recognised by mutt?
> >> Then, the software should tell the user about the validity of
> >> the keys it presents to him.
>
> > GPG will do that for you. And in any case, you should not do a
> > validity check until *after* the user have selected which key to
> > use.
>
> You don't seem to understand my point here. There are situations in
> which one e-mail address maps to multiple keys, but some of these
> keys don't belong to the person reachable under that address. Now,
> imagine you have working key server support (I have ;-), that is,
> you regularly fetch PGP public keys from the key servers based on
> the e-mail addresses you want to send encrypted e-mail to.
>
> This means you automatically have those fake keys on your public key
> ring. Now, what happens? Mutt offers a whole bunch of keys to you,
> so you can select the right key. How do you decide which key is the
> right one to use? You have to look at the validity information
> computed from the web of trust. Thus, Mutt needs this information.
Actually, I *do* understand your point. I just think mutt obtains the
information too quickly. If you have 500 or so keys, and all of them get
listed, it's a *bad* thing to do a validity check on all of those, thus
the user should be able to narrow it down to the interesting keys, then
ask for a validity check on those or some which thing. Isn't there a c for
check key thing you can use?
Terje Elde
--
Ex, de... Yv oek sqd huqt jxyi jxud jxqj cuqdi oek'lu rheaud co
udshofjyed. DEM te oek iuu mxo mu duut ijhedw shofje?