Mika Suomalainen wrote:
> I was just wondering is it possible for Enigmail to automatically
> receive missing public keys from keyserver?
I may be (I do not know), but why would you want this? It seems to me
that for each key you put on your key ring you would want to verify is
valid and belongs to the person issuing it.
I could make up a key and say I was Barak Obama, send it to a key
server, and start signing stuff with it. If you receive something from
me signed with this bogus key, how would you know I was not the
president of the USA? Assuming he is your friend, you could call him and
compare his valid key fingerprint with the one you actually got from me,
and they would not be the same, so you would then know mine is a fake.
Just getting my bogus key from a keyserver would tell you nothing. Do
you really want a lot of bogus keys on your key ring?
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 09:35:01 up 21 days, 18:16, 3 users, load average: 5.42, 5.42, 5.17
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/