Derek Atkins says:
Unfortunately, the current PGP practice of using only numeric key-ids in message packets makes it hard to do this -- sigh. I hope that the next version of PGP changes this.
I doubt PGP will change this in the near future. That would require a major packet format change, and would not be anywhere near backwards compatible.
I don't consider this to be a big problem.
I do. It means that I can't use PGP for IPSP key management -- period.
If you limit key lookups in the database to be lookup on userID only, that solves your database problem. As for the keyID->userID, well, this would only be required to _verify_ a signature. In that case, you know who sent the message to you so you can ask them for the key. When you want to encrypt to someone, you already know to whom you want to encrypt, so the same thing applies.
I don't see the problem!
Sorry, but I see the problem. If I want to follow an arbitrary chain of signatures, check arbitrary signatures, etc., I'm forced to go through kludges or worse. I don't see it as acceptable to just ask someone for their key, either.
Perry
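The lookup question debated above, as an added example that is not part of the original messages: a version 3 signature packet (the PGP 2.x layout described in RFC 1991 and RFC 4880) names its signer only by a 64-bit key ID, so walking a chain of certifications works only as far as the key database can resolve key IDs. The key IDs, user IDs, keyring layout and function names are constructed for illustration.

```python
import struct

def make_v3_sig(issuer_hex, sig_type=0x10, created=0):
    # Constructed sample: fixed fields of a v3 signature body only
    # (RSA = 1, MD5 = 1, zeroed hash prefix, signature MPI omitted).
    return struct.pack(">BBBI8sBB2s", 3, 5, sig_type, created,
                       bytes.fromhex(issuer_hex), 1, 1, b"\x00\x00")

def issuer_key_id(sig_body):
    """Return the 64-bit issuer key ID from a v3 signature packet body."""
    # Layout: version(1) len(1) type(1) time(4) key ID(8) pk(1) hash(1) check(2)
    if len(sig_body) < 19 or sig_body[0] != 3 or sig_body[1] != 5:
        raise ValueError("not a version 3 signature packet body")
    return sig_body[7:15].hex().upper()

# Constructed keyring: each key carries one certification by another key.
KEYRING = [
    {"key_id": "00000000000000A1", "user_id": "alice@example.org",
     "cert": make_v3_sig("00000000000000B2")},
    {"key_id": "00000000000000B2", "user_id": "bob@example.org",
     "cert": make_v3_sig("00000000000000C3")},
    {"key_id": "00000000000000C3", "user_id": "carol@example.org",
     "cert": make_v3_sig("00000000000000D4")},  # issuer not in the keyring
]

def follow_chain(user_id, keyring, index_key_ids=True):
    """Walk certifications from user_id; return (user IDs reached, unresolved key ID)."""
    by_user = {k["user_id"]: k for k in keyring}
    # A database searchable by user ID only has no way to resolve an issuer.
    by_key_id = {k["key_id"]: k for k in keyring} if index_key_ids else {}
    key, chain, seen, missing = by_user.get(user_id), [], set(), None
    while key is not None and key["key_id"] not in seen:  # seen guards against loops
        seen.add(key["key_id"])
        chain.append(key["user_id"])
        issuer = issuer_key_id(key["cert"])  # the packet gives a number, not a name
        key = by_key_id.get(issuer)
        if key is None:
            missing = issuer
    return chain, missing

if __name__ == "__main__":
    print(follow_chain("alice@example.org", KEYRING))
    print(follow_chain("alice@example.org", KEYRING, index_key_ids=False))
```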