if i use a command like
pgp filename
it will automatically figure out the right thing to do with the file. if it's encrypted, and i have the key, it will attempt to decrypt it. if it contains keys, it will ask if i want to add them to my keyring. if it's signed, it checks the signature.
this sucks!
From whose point of view? Remember the thread about Getting things right v. Getting the software out?
The above way is easier for most people with little computer techie knowledge. Requiring a whole complex set of commands would mean less PGP users. As people get used to it and learn about the issues, key management, etc. they'll be more willing to use a more advanced version of PGP... at the very least, they'll eventually RTFM and realize that you actually have more control of what it can do... Rob
if i'm trying to write a program to automatically process incoming mail (for instance, to see if it's encrypted with a specific key), i certainly don't want to have the possibility of people being able to add garbage to my keyring just by mailing it to me.
Have your program check what's in the mail before doing anything with it...?
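One way a mail filter could make the check suggested in the last reply, shown as an added example that is not from the thread or from PGP itself: it reads the packet tags inside the armored block and only reports a match when a session-key packet names the wanted key ID, so key material is never handed to a tool that might add it to a keyring. It assumes RFC 4880 packet framing and tag numbers, handles only the old-format headers PGP 2.x writes (anything else is rejected), and the names `armored_payload`, `packets`, `classify` and the returned labels are hypothetical.

```python
import base64

PKESK, KEY_TAGS = 1, {5, 6, 7, 14}   # RFC 4880 tags: session key / secret+public (sub)keys

def armored_payload(mail_text):
    """Decoded bytes of the first ASCII-armored PGP block, or None if there is none."""
    lines = [l.strip() for l in mail_text.splitlines()]
    begin = next((i for i, l in enumerate(lines)
                  if l.startswith("-----BEGIN PGP ") and l.endswith("-----")), None)
    if begin is None or "" not in lines[begin:]:
        return None
    body = []
    for line in lines[lines.index("", begin) + 1:]:   # armor headers end at a blank line
        if line.startswith(("=", "-----END")):        # CRC24 line or end of block
            break
        body.append(line)
    return base64.b64decode("".join(body), validate=True)   # ValueError on bad base64

def packets(data):
    """Yield (tag, body) for each top-level old-format packet; ValueError otherwise."""
    pos = 0
    while pos < len(data):
        hdr, ltype = data[pos], data[pos] & 0x03
        if (hdr & 0xC0) != 0x80 or ltype == 3:        # new-format or unsized: fail closed
            raise ValueError("unsupported packet header")
        off = 1 + (1 << ltype)                        # header octet + 1, 2 or 4 length octets
        length = int.from_bytes(data[pos + 1:pos + off], "big")
        if pos + off + length > len(data):
            raise ValueError("truncated packet")
        yield (hdr >> 2) & 0x0F, data[pos + off:pos + off + length]
        pos += off + length

def classify(mail_text, my_key_id):
    """Label a mail from its packet tags before any PGP tool is allowed to act on it."""
    try:
        data = armored_payload(mail_text)
        if data is None:
            return "no-pgp"
        found = list(packets(data))
    except ValueError:
        return "rejected"
    if any(tag in KEY_TAGS for tag, _ in found):
        return "key-material"
    ids = [b[1:9] for t, b in found if t == PKESK and len(b) >= 9 and b[0] in (2, 3)]
    if not ids:
        return "other"
    return "for-me" if my_key_id in ids else "for-other-key"
# Constructed sample: a public-key packet (tag 6) sent under a MESSAGE armor label.
SAMPLE = "-----BEGIN PGP MESSAGE-----\n\nmQAFAwAAAAA=\n-----END PGP MESSAGE-----\n"
```

Only mail labelled `for-me` would be passed on for decryption; the armor label is the sender's claim, which is why the decision is made from the packet tags instead.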