From 156774e0f391baa09a10fabd2391b6dfe556159d Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 30 Sep 2003 21:47:19 +0000
Subject: [PATCH] * gpg.sgml: Note web bug behavior of auto-key-retrieve.  Note
 that big photos mean big keys.  Document --rfc2440.  Document verify-option
 show-unusable-uids.

---
 doc/ChangeLog |  4 ++++
 doc/gpg.sgml  | 24 +++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 80afaf941..5020cb32f 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,9 @@
 2003-09-30  David Shaw  <dshaw@jabberwocky.com>
 
+	* gpg.sgml: Note web bug behavior of auto-key-retrieve.  Note that
+	big photos mean big keys.  Document --rfc2440.  Document
+	verify-option show-unusable-uids.
+
 	* gpg.sgml: Clarify --mangle-dos-filenames, document list-option
 	show-unusable-uids, remove --no-comment (which is now
 	--no-sk-comments), add --no-comments (to remove --comment), remove
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index bb1011188..4d2d2ebfa 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -364,7 +364,9 @@ Create an alternate user id.</para></listitem></varlistentry>
     <term>addphoto</term>
     <listitem><para>
 Create a photographic user id.  This will prompt for a JPEG file that
-will be embedded into the user ID.</para></listitem></varlistentry>
+will be embedded into the user ID.  A very large JPEG will make for a
+very large key.
+</para></listitem></varlistentry>
     <varlistentry>
     <term>deluid</term>
     <listitem><para>
@@ -1142,6 +1144,12 @@ keyserver over the proxy set with the environment variable
 This option enables the automatic retrieving of keys from a keyserver
 when verifying signatures made by keys that are not on the local
 keyring.
+</para><para>
+Note that this option makes a "web bug" like behavior possible.
+Keyserver operators can see which keys you request, so by sending you
+a message signed by a brand new key (which you naturally will not have
+on your local keyring), the operator can tell both your IP address and
+the time when you verified the signature.
 </para></listitem></varlistentry>
 
 </variablelist>
@@ -1343,6 +1351,13 @@ verification, rather than the more common 32 bit (8 digit) IDs.
 Defaults to no.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>show-unusable-uids</term>
+<listitem><para>
+Show revoked and expired user IDs during signature verification.
+Defaults to no.
+</para></listitem></varlistentry>
+
 </variablelist>
 </para></listitem></varlistentry>
 
@@ -1963,6 +1978,13 @@ behavior.  Use this option to reset all previous options like
 disabled.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>--rfc2440</term>
+<listitem><para>
+Reset all packet, cipher and digest options to strict RFC-2440
+behavior.  Note that this is currently the same thing as --openpgp.
+</para></listitem></varlistentry>
+
 <varlistentry>
 <term>--rfc1991</term>
 <listitem><para>