[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: Save own PGP-encrypted mail unencrypted
From: Ingo =?iso-8859-1?q?Kl=F6cker?= <ingo.kloecker () epost ! de>
Date: 2001-10-30 8:28:54
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 30 October 2001 09:11, Seth Kurtzberg wrote:
> Someone (apologies for forgetting who) said that a situation might
> develop where the mail couldn't be decrypted. Several folks pointed
> out (correctly) that this is not the case; key expiration only
> impacts the logic which decides whether a key is current, valid, up
> to date, or whatever, and this has nothing to do with using the key
> to decrypt. However, unless I'm missing something, there is an
> additional flaw in the logic. To lose the ability to decrypt, you
> would have to lose your PUBLIC key; public keys don't need to be
> protected. Paint it on your wall, write it in 200 different places,
> get it tatooed on your ... well, wherever. Attach it to your copy of
> the email.
Sorry, but you got it wrong.
The public key is needed to verify signatures and for encryption.
The secret key is needed to sign and for decryption.
> The reason I don't think it is a good idea to make this kmail feature
> configurable is this. I'm encouraging (more sucessfully than I
> expected) my users to dump their window's mail tool, run an xserver
> on their PC, and use kmail. These are ordinary end users, not highly
> technical people. I believe that it is VERY likely that less heavily
> technical users would play with kmail for a while, and people will
> make mistakes and end up with plain text email stored on their
> machine; worse, they wouldn't know it was unencrypted unless they
> happened to look at it.
Exactly.
> So, my vote is, leave the current kmail behavior (with respect to
> this issue) alone, and if you are convinced that you need to store
> the messages in plain text, take care of this is a separate process.
Either this or we will make it configurable in the configuration file
but without the possibility to change the behaviour with the GUI.
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE73mTGGnR+RTDgudgRAue9AKCBVdE9ds2BnworRp+zX3sb9ygBZgCglyDO
wV1/lyVAQQKbeJM0yZJYrMI=
=92sD
-----END PGP SIGNATURE-----
_______________________________________________
kmail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic