making it easy to find keys
Stewart V. Wright
svwright+lists at amtp.liv.ac.uk
Thu Dec 4 10:56:09 CET 2003
G'day Atom, (???)
* Atom 'Smasher' <atom-gpg at suspicious.org> [031204 01:08]:
> in the absence of standards (that i'm aware of) i'm wondering if there's
> any consensus, or at least any good reasons for or against, presenting the
> public key information in particular formats....
My only gripe is people who format their key so that the HTML looks
good in a browser, but so you can't download the src of the page and
import that. With style sheets, XML and the like you should be able
to have your key in an importable format whilst still having a
pleasant looking page.
> as non-standard as that is, there seems to be even less consistency among
> people who reference their keys in their SMTP headers (like i've done).
> after the "X-", i don't know if i've seen any two people use the same
> format...
>
> i know, there's no "right way" or "wrong way" to present this information
> to the world, and any variation on this theme (within reason) should work
> fine, but i'm sure there are some good reasons out there for doing or not
> doing things in a particular way. lacking a standard, i'd at least like to
> hear some of those good reasons people have....
Well, I follow Werner's suggestion:
List: gnupg-users
Subject: [Announce] GnuPG signature key update and X-Request-PGP
From: Werner Koch <wk () gnupg ! org>
Date: 2002-12-23 16:08:38
http://marc.theaimsgroup.com/?l=gnupg-users&m=104066274128147&w=2
...and use X-Request-PGP.
I agree that there is no hard and fast rules, but a nice consensus of
a few headers that are then made clear in the documentation would be a
Good Thing^TM. It would make writing scripts/plugins for MUAs easier.
Naïvely you would expect that a grep '^X-.*GPG' or '^X-.*PGP' would be
sufficient, but some people put all sorts of stuff in their headers.
Recently in a single message I've seen:
X-GPG-Key
X-GPG-Key-Direct-Link
X-GPG-Key-Old-Location1
X-GPG-Key-Old-Location2
X-GPG-Key-Old-Location3
X-GPG-Notice
Also for accuracy I like using the term PGP or Open-PGP rather than
GPG. It's the open standard that we are following -- and it should be
clear to non GPG users that a GPG generated key will work with any
Open-PGP compliant client.
Well that is my $0.02 (more like $5.12 but that is a side issue)...
Nice thread to start BTW.
Cheers,
S.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031204/3f2266a6/attachment.bin
More information about the Gnupg-users
mailing list