Daniel Kahn Gillmor wrote:
> On 04/24/2014 06:39 PM, Mike Acker wrote:
>
>> one more time: all that happens in ENIGMAIL calls GnuPG passing a user (
>> -u ) argument. if that argument is just an e/mail address GnuPG won't
>> have enough information to find the key you want if there are two or
>> more keys in the keyring with that matching e/mail address.
>
> Sure it does. GnuPG is the tool that keeps track of the calculated
> validity of the user IDs it knows about.
>
> If you have two or more keys with the same User ID and one is valid for
> that user ID and one is not, it should choose the valid key. It does
> not, currently.
I think we're veering off into semantic quibbling, discussions of which so
often seem to tend to have more theological than technical import. All manner
of semantic microtoming is futile if the end terminology does not match the
non-expert user's understanding of the term and the software tool's behavior.
GnuPG selects the first certificate with matching search criteria that _it_
finds 'usable' for the required use regardless of an individual's definition
of "valid" or whichever other term the high priests of the cabal of
cryptoterminology see fit to employ.
>> to be sure to get the right key you pass the fingerprint in the -u
>> argument and this is what the recipient rules are for
>
> As John pointed out, there are other good reasons for the recipient
> rules. The job of selecting the key that is best-bound to the e-mail
> address shouldn't need to be one of them, since gpg already has all of
> that information.
Not quite. GnuPG has all the information contained in the certificate and any
meta info in the ownertrust DB. What it lacks is the HUMINT of Alan telling
Bob, "Use this key when you send me encrypted messages."
POP(3) Quiz: Assume equal validity for all keys of mine on the keyservers.
Which key do I wish members of the Enigmail devel group to use for group
traffic? This example has the added HUMINT element of email alias to email
address de-referencing involved. Without HUMINT from me, your best choice is
just to guess.
When you eliminate the human element, even with as much information as can be
supplied from a certificate and other metadata, a computer algorithm's 'best
choice' is no better than a guess. ;-)
-John
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:[email protected]?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
_______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
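The ambiguity both sides of this thread are circling (an e-mail address given to `-u` can match several keys, while a fingerprint names exactly one) is easy to make concrete. The following is an added example, not code from Enigmail or GnuPG: it parses the machine-readable `gpg --list-keys --with-colons` listing, finds every key carrying a user ID for an address, and only hands a fingerprint to `-u` when the local validity calculation leaves a single candidate; with two equally valid keys it refuses to guess, which is exactly where the "HUMINT" of a recipient rule has to come in. The listing below is constructed sample data, not output from any real keyring, and the key IDs and fingerprints in it are made up.

```python
"""Resolve an e-mail address to exactly one OpenPGP fingerprint before
passing it to `gpg -u`, using the `--with-colons` listing format.

Added example (not Enigmail's or GnuPG's code).  Record layout follows
GnuPG's documented --with-colons format: record type in field 1, validity
in field 2, key ID in field 5 of pub/sub records, user ID in field 10 of
uid records, fingerprint in field 10 of fpr records."""

import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed key IDs and fingerprints (a v4 fingerprint ends in the 64-bit
# key ID); none of these belong to a real key.
KEYID_A = "0123456789ABCDEF"
KEYID_B = "FEDCBA9876543210"
SUBID_A = "1111111111111111"
FPR_A = "A" * 24 + KEYID_A
FPR_B = "B" * 24 + KEYID_B
FPR_SUB_A = "1" * 24 + SUBID_A
EMAIL = "alice@example.org"

# Constructed listing: two primary keys carry the same user ID; only the
# first has been marked valid ("u" = ultimate) by the local trust calculation.
SAMPLE_LISTING = f"""\
tru::1:1398300000:0:3:1:5
pub:u:4096:1:{KEYID_A}:1398300000:::u:::scESC::::::::
fpr:::::::::{FPR_A}:
uid:u::::1398300000::HASH1::Alice Example <{EMAIL}>::::::::::0:
sub:u:4096:1:{SUBID_A}:1398300000::::::e::::::
fpr:::::::::{FPR_SUB_A}:
pub:-:2048:1:{KEYID_B}:1398400000:::-:::scESC::::::::
fpr:::::::::{FPR_B}:
uid:-::::1398400000::HASH2::Alice Example <{EMAIL}>::::::::::0:
"""

VALID = {"u", "f"}  # ultimately / fully valid user IDs


@dataclass
class Key:
    keyid: str
    validity: str                       # validity of the primary key record
    fingerprint: str = ""
    uids: List[Tuple[str, str]] = field(default_factory=list)  # (uid, validity)


def parse_listing(text: str) -> List[Key]:
    """Group pub/fpr/uid records into Key objects; subkey fprs are skipped."""
    keys: List[Key] = []
    want_fpr = False                    # next fpr record belongs to the primary key
    for line in text.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub":
            keys.append(Key(keyid=f[4], validity=f[1]))
            want_fpr = True
        elif rec == "sub":
            want_fpr = False            # a subkey's fpr is not a selector here
        elif rec == "fpr" and keys and want_fpr:
            keys[-1].fingerprint = f[9]
            want_fpr = False
        elif rec == "uid" and keys:
            keys[-1].uids.append((f[9], f[1]))
    return keys


def uid_matches(uid: str, email: str) -> bool:
    """Compare only the <addr-spec> part of a user ID, case-insensitively."""
    m = re.search(r"<([^>]+)>", uid)
    addr = m.group(1) if m else uid
    return addr.strip().lower() == email.lower()


def candidates(keys: List[Key], email: str) -> List[Key]:
    """Every key carrying a user ID for this address, whatever its validity."""
    return [k for k in keys if any(uid_matches(u, email) for u, _ in k.uids)]


class AmbiguousKey(Exception):
    """More than one valid key matches; only a human (or a rule) can decide."""


def resolve_fingerprint(keys: List[Key], email: str) -> str:
    """Return the one fingerprint to pass to `gpg -u`, or refuse to guess."""
    valid = [k for k in keys
             if any(uid_matches(u, email) and v in VALID for u, v in k.uids)]
    if not valid:
        raise LookupError(f"no valid key for {email}")
    if len(valid) > 1:
        raise AmbiguousKey(", ".join(k.fingerprint for k in valid))
    return valid[0].fingerprint


def gpg_sign_argv(email: str, listing: str = SAMPLE_LISTING) -> List[str]:
    """Build the gpg command line with the fingerprint, not the address, in -u."""
    fpr = resolve_fingerprint(parse_listing(listing), email)
    return ["gpg", "-u", fpr, "--detach-sign"]


if __name__ == "__main__":
    ks = parse_listing(SAMPLE_LISTING)
    print(len(candidates(ks, EMAIL)), "keys match", EMAIL)
    print(" ".join(gpg_sign_argv(EMAIL)))
```

Feed it a real listing with `subprocess.run(["gpg", "--list-keys", "--with-colons"], capture_output=True, text=True).stdout` in place of `SAMPLE_LISTING`. The design point is that validity narrows the candidate set but cannot always reduce it to one; when `AmbiguousKey` is raised, the only correct move is to consult the fingerprint the correspondent told you to use, which is what a recipient rule records.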
