On Fri, Nov 04, 2005 at 03:51:35PM +0100, Simon Josefsson wrote:
Yes, how about this use-case: An announcement-only mailing list
might prefer OpenPGP signed messages. It could then add a 'OpenPGP:
preference=sign' message to all list posts. The sender could be the
mailing list address, which may not have a OpenPGP key at all. So
you couldn't fetch an OpenPGP key for the mailing list address.
Arguable, the mailing list managers could create a dummy OpenPGP key
for the mailing list address, and set the e-mail preference and
upload the key. However, so could anyone, since the key isn't used
nor trusted by anyone. The announcement-only mailing list could be
some abstract mail addresses too. Like
submit(_at_)bugs(_dot_)debian(_dot_)org or
similar.
I agree this is a reasonable use. I've also re-read over the -02
draft, and it does have language in section 2 about not overtrusting
the header that I had missed earlier.
Would it be worth making this more explicit by adding something about
actual conflicts between the OpenPGP header and the key to that
section? Something like:
Some of the information given in this header may also be given on
the OpenPGP key itself. When these two sources conflict, users
SHOULD favor the information from the OpenPGP key, as that information
can be cryptographically protected.
David