mailing list pgp signatures...
Bruno Wolff III
bruno at wolff.to
Wed Jul 15 01:01:42 UTC 2009
On Tue, Jul 14, 2009 at 18:14:57 -0400,
"Steven W. Orr" <steveo at syslang.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> The Enigmail package gets added to Thunderbird and provides the human
> interface to GnuPG. Enigmail does provide a setting on a per addressbook entry
> for whether messages sent TO that address are signed or encrypted. But, if
> you try to automatically verify or decrypt a message as the recipient, and the
> key fetch fails, there's really no reason to think that it would ever fail
> again on a future attempt. There are features which would be nice to see added
Sure there is. If you try again immediately, I would certainly expect it to
fail again. That's what negative caching is for. The exact time to wait
should be configurable, but I would expect to a day to be a reasonable time
to wait before not trying another lookup.
> to Enigmail and marking a particular address as something that you do not want
> to see verified or decrypted has got to be way far down in the list of
> priorities.
As the proble was described it seemed that the key lookup blocked doing
anything further with your email until one keyserver lookup succeeded or they
all failed. This is broken behavior. It would seem much more reasonable to
flag the signature as unknown and start the lookups in the background.
More information about the fedora-list
mailing list