commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <robertburrelldon...@blueyonder.co.uk>
Subject Re: [PGP] API sketch
Date Mon, 30 May 2005 11:31:21 GMT
On Sun, 2005-05-29 at 23:41 -0400, Dave Brondsema wrote:
> It would be useful, I think, to get a keyid from a signature, fetch and
> update keys from a keyserver, and get names and email addresses from a
> public key.
> 
> Just verifying the signature without showing who's key created it (which
> depends on the above functionality) doesn't do a whole lot of good.
> Although computing a trust value is what *really* does good.

automatically fetching a public key from a server and then presenting
the name and email from it would need to approached carefully. for
example, the key may say "Robert Burrell Donkin (CODE SIGNING KEY)
<rdonkin@apache.org>" but may not be B1313DE2. it would be very unwise
to trust such a key.

- robert


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message