On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth <cworth@cworth.org> wrote: > The only other piece I think I'd like to see is actually making the > content of the signature pieces available in the json output. Then, a > client could do its own verification. > > Then if we had that would we not want to add the --verify support into > notmuch? (My guess is that we still would want it.) Hey, Carl. I think your suggestion to include the signatures in the output is a reasonable. However, (I could be misunderstanding your suggestion but) I really think the Right thing is for notmuch to do the verification itself. I would almost say that --verify should be the default, with a --no-verify option. It will make things much easier for all the UIs if notmuch handles the verification and just outputs the result. jamie.