[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 44699] can't encrypt with gpg if the receiver's key is not
From:       Torsten Landschoff <torsten () debian ! org>
Date:       2008-02-21 13:05:01
Message-ID: 20080221130501.14821.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=44699         




------- Additional Comments From torsten debian org  2008-02-21 14:04 -------
Come on, this can't be true. kmail disallows me to send encrypted with an untrusted \
key - why!? Warning is okay, perhaps in bold letters and some "I am really sure" \
check.

This misfeature makes kontact all but useless for me. I won't go and sign any key of \
other Debian people I did not meet in person - I can't be sure the key matches the \
person. But at least it will only be readable by the person having the key, no t to \
every mail server in between us. 

For work I have a big list of keys which I won't sign. For one I know the person \
relating to the key, but I did never check any passports. So I won't sign them. So \
the "solution" to use kmail is to --lsign every key? Not!

While I am just using Thunderbird again in disbelief, others will happily sign every \
key just to be able to send an email. For me this looks like a security problem (the \
social engineering kind) and not like a wishlist bug.

Please fix this!


[prev in list] [next in list] [prev in thread] [next in thread]