commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <>
Subject Re: [PGP] API sketch
Date Mon, 30 May 2005 11:31:21 GMT
On Sun, 2005-05-29 at 23:41 -0400, Dave Brondsema wrote:
> It would be useful, I think, to get a keyid from a signature, fetch and
> update keys from a keyserver, and get names and email addresses from a
> public key.
> Just verifying the signature without showing who's key created it (which
> depends on the above functionality) doesn't do a whole lot of good.
> Although computing a trust value is what *really* does good.

automatically fetching a public key from a server and then presenting
the name and email from it would need to approached carefully. for
example, the key may say "Robert Burrell Donkin (CODE SIGNING KEY)
<>" but may not be B1313DE2. it would be very unwise
to trust such a key.

- robert

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message