On Jan 08, David T-G [[EMAIL PROTECTED]] wrote: > % 1. use the new check-traditional-pgp command from the index on a message > % that has an old-style pgp signature > % 2. note that the 's' flag appears to indicate the presence of the signature > % 3. view the message, with pgp_verify_sig=no > % 4. note that the 's' becomes an 'S', even though no verification has taken > % place > > ... if you'll send a traditional-style message I'll check it out and > report.
attaching one of Derek's that I still have around... > Note that viewing *this* message did not change the 's' to 'S' even > though I have verification on and the signature was good because I have > not signed my copy of your key. I expect the same behavior with the > traditional method, of course. Well, if I try to verify *your* message, it does change to an 'S', even though I haven't signed my copy of your key. (?)
--- Begin Message --------BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At some point hitherto, Vincent Lefevre hath spake thusly: > > The "s" in the index is sufficient for me if I want to know if a > message is signed. Perhaps, but it's not enough to tell you if the message was signed by the person it clamed to be signed by. For people like me, who use GPG a lot when communicating with friends and colleagues, auto-verification is nice. But I'd agree that, for those who don't care about gpg, or only care about a small percentage of e-mail or signatures, it'd be nice to have a way to turn that off. :) - -- Derek Martin [EMAIL PROTECTED] - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8Oi/BdjdlQoHP510RAjhIAJ0WCOv5VMrSwCAh+l9rEcARVnX0qQCgmYQQ dlWTq7bjQxk+SkkyIcQYzcE= =oyIA -----END PGP SIGNATURE-------- End Message ---
msg22680/pgp00000.pgp
Description: PGP signature
