At 10:27 AM EDT on October 16 PeterKorman sent off: > In a perfect world, I think I'd want to know only > if the signature did *NOT* check out against the > keyserver copy.
IMHO, that would weaken the point of crypto signatures. First, most* signature failures are innocent, being due to MTA mangling along the way, like escaping periods at the start of a line. By only seeing gpg when there's a problem, it could freak you out that much more when it happens, and when you verify with the sender, give you** the impression that it's worthless. But it's not. All the signatures that *do* check out OK are saying something about the legitimacy of their messages. By not checking good sigs, you are lowering their status to the same level as unsigned messages, so gpg users can't win either way :-( * in my limited experience. ** and by you I probably mean more newbieish people who inherit your .muttrc. Admittedly that problem mostly goes away if you have the %Z flag (IIRC) in your index, so you can easily see which ones are signed, even if you don't check every signature. (I don't on mailing lists.) At 2:04 PM EDT on October 16 PeterKorman sent off: Content-Description: Why I automatically verify > On Wed, Oct 16, 2002 at 07:35:01PM +0200, Ren? Clerc wrote: > > * PeterKorman <[EMAIL PROTECTED]> [16-10-2002 16:30]: > > > > > On Wed, Oct 16, 2002 at 03:02:31PM +0200, Ren? Clerc wrote: > > > > * Stephane Bortzmeyer <[EMAIL PROTECTED]> [16-10-2002 14:52]: > > > > > > > > > Or to hide it unless specifically called? > > > > > > > > unset pgp_verify_sig > > > <snip> > >would be the benefit of this? > > It mitigates against 2 of my weaknesses. Bad memory and lazyness. > Patience seems to be something of which I have enough; maybe > too much. I have enough patience to wait for keyserver response. > A keyserver response wait tells me that I've never before read a > message (so far I've never encountered a downed key server at > the site I'm using) Oh, so you *are* a newbie! ;-) Pardon my svenning, but key servers just don't seem to stay up for very long. > If I always verify, then I don't have to remember the verify command. Put this in your .muttrc: # Check a signature. Thanks to David Champion <[EMAIL PROTECTED]> macro index \Cv "<enter-command>set pgp_verify_sig=yes<enter><display-message><enter-command>set pgp_verify_sig=no<enter>" "Verify PGP signature" macro pager \Cv "i<enter-command>set pgp_verify_sig=yes<enter><display-message><enter-command>set pgp_verify_sig=no<enter>" "Verify PGP signature" mnemonic: control-v for Control Verify. I like to read, then verify if necessary, which is more or less what the subject asks for. -- We are all in the gutter, but some of us are looking at the stars. - O. Wilde Robert I. Reid <[EMAIL PROTECTED]> http://astro.utoronto.ca/~reid/ PGP Key: http://astro.utoronto.ca/~reid/pgp.html
msg31872/pgp00000.pgp
Description: PGP signature
