In
<Pine(_dot_)LNX(_dot_)4(_dot_)21(_dot_)QNWS_2(_dot_)0008220041440(_dot_)2335-100000(_at_)thetis(_dot_)deor(_dot_)org>,
on 08/22/00
at 01:43 AM, "L. Sassaman" <rabbi(_at_)quickie(_dot_)net> said:
Why don't we make the "wild card" or "speculative" key id support a
SHOULD? I at least want to see all the client's being able to properly
decrypt messages that use this feature.
I don't have a problem with the speculative keyID support but it does not
address the underlying problem: Implementors not understanding basic concepts
of e-mail encryption. I came across the issue of KeyID leakage back in '96 and
documented it at:
http://www.openpgp.net/pgpemail_5.html
Automated PGP processing can be a powerfull tool but there are complex issues
involved and an application developer needs to spend the time at the design
stage to do it properly.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting
Data Security & Cryptology Consulting
Programming, Networking, Analysis
PGP for OS/2: http://www.openpgp.net/pgp.html
E-Secure: http://www.openpgp.net/esecure.html
---------------------------------------------------------------