[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: Problems sending encrypted messages
From: Ingo =?iso-8859-15?q?Kl=F6cker?= <ingo.kloecker () epost ! de>
Date: 2002-01-31 18:19:54
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Volker Augustin wrote:
> Actually I am wondering if it is really such a good idea to prevent
> encryption to untrusted keys. If I really want to encrypt to that
> key, I have to sign or locally sign the key. So if I cannot for
> whatever reason verify the key, I'll only sign it locally. However,
> after I did this, I might forget about it. And so, in the future I
> might be tempted to think, that I *did* verify this key in the past.
> For that reason it might be better to allow users to encrypt to
> unverified/ untrusted keys. Maybe popup a warning message each time.
It's too late for this because we are in a message freeze. ;-)
But the real reason is that I didn't want this because:
1.) We would have to treat GnuPG and PGP differently because the usage
of untrusted keys is only possible with gpg (and the completely
outdated PGP 5 AFAIK). But all classes (except the program dependant
classes derived from Kpgp::Base) should be free of any hacks which only
apply to one of the supported programs.
2.) man gpg:
--always-trust
Skip key validation and assume that used keys
are always fully trusted. You won't use this
unless you have installed some external valida
tion scheme.
Do we (or you) have an external validation scheme? No!
3.) This feature (not allowing encrytion with untrusted keys) will
probably accelerate the growth of the web of trust because now KMail
users are forced to sign keys if they want to use them. Hopefully they
won't just sign them locally (or even worse, globally without checking
the key owner's identity). I know that this is wishful thinking. :-(
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8WYrPqUQWN/hplRsRAnMTAJ0bqZMxpfHcmtiO4FaIIokg3lxCmgCeOeqR
4Ek5oaytIUnCiKE+ZxrEc5w=
=hq7P
-----END PGP SIGNATURE-----
_______________________________________________
kmail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic