[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mailing list pgp signatures...

Hash: SHA1

On 07/14/09 11:17, quoth David:
> On 7/14/2009 8:24 AM, Bruno Wolff III wrote:
>> On Mon, Jul 13, 2009 at 14:04:11 -0400,
>>   "Steven W. Orr" <steveo syslang net> wrote:
>>> But what G did was much worse. He insisted on putting a little bomb in his
>>> mail that causes a number of us to just plain hang for periods that are
>>> measured in minutes, not just once, but for every message that he sends and
>>> for every time that we try to read it. Having a lack of respect for other
>>> people's time is way high up on my list of things that make me go out of my
>>> way to resort to blacklisting.
>> That sounds like a problem with the mail client you are using and should
>> probably be reported as a bug against that client. The lookups should be
>> out of band and there should probably be some negative caching support
>> as well.
> It is a 'setting', if you wish, to auto-retrieve signing keys from
> keyservers. Keyservers, as can all servers, be slow at times. The more
> keyservers that you check the longer it takes. The retrival ends with
> the first server that has to key.

I *really* hope I'm not tiring people out with this thread, but I would like
to comment on whether this is a software bug, a desirable feature, or whether
it's something that can be improved.

The Enigmail package gets added to Thunderbird and provides the human
interface to GnuPG. Enigmail does provide a setting on a per addressbook entry
 for whether messages sent TO that address are signed or encrypted. But, if
you try to automatically verify or decrypt a message as the recipient, and the
key fetch fails, there's really no reason to think that it would ever fail
again on a future attempt. There are features which would be nice to see added
to Enigmail and marking a particular address as something that you do not want
to see verified or decrypted has got to be way far down in the list of

Certainly, G's rationale is no basis for people to unset the auto
verify/decrypt flag.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]