List:       kmail-devel
Subject:    Re: Bug#44508 acknowledged by developer (Can't use untrusted PGP key)
From:       Ingo Klöcker <kloecker () kde ! org>
Date:       2002-06-30 17:10:15

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 30 June 2002 04:13, you wrote:
> On Sun, 30 Jun 2002 08:03, you wrote:
> > Severity: normal ???
> >
> > Sorry, but you obviously don't know what a bug is. This report is
> > at most a wish.
>
> It is a bug. It worked suitably in the old version, but doesn't work
> at all in this one.

It's no bug. It was a bad thing that it worked in the old version. BTW, 
with PGP 6 it's absolutely impossible to use untrusted keys. I guess 
Phil Zimmermann had good reasons for this.

> > > When trying to send an encrypted message, you can't encrypt
> > > unless a key is trusted.
> >
> > So?
> >
> > > Not all keys can be explicitly trusted, so that isn't all that
> > > useful.
> >
> > Ask your favorite encryption expert why encrypting messages with
> > untrusted keys is a bad thing.
>
> Provided a key is signed by a few people you can assume it is safe.
> That is the whole idea of web of trust.....

Sorry for being harsh, but you got it completely wrong. Say I created 
twenty keys with different faked email addresses and cross-signed all 
those keys. According to your statement you would assume that all those 
keys are safe although they are all faked. That's not very smart!

You must only trust keys which are signed by people whom you trust to a 
certain degree. You must not trust any other keys. As long as you don't 
know at least one signer whom you can trust to have checked the 
identity of the key owner you must not trust a key regardless of the 
number of signatures this key has.

I hope this helps you to understand the idea behind the web of trust a 
little bit better.

There's a reason why it's not possible to use untrusted keys with KMail. 
This will probably change in the future. But only at the cost of a lot 
of warning messages because we greatly depreciate the usage of 
untrusted keys.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Hzt3GnR+RTDgudgRAi3/AKDjw4fuxf52ZAUIps+cs/hsiux1XQCbBuYJ
hX7nljqRsVip87/279DO4xA=
=ke/7
-----END PGP SIGNATURE-----
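
The twenty cross-signed keys from the message above, worked through as an added example (not part of the original message, and not KMail's or GnuPG's code). It uses a simplified trust model and constructed key names; the "three signatures" threshold for the signature-counting rule is an assumption.

```python
from collections import deque

def valid_keys(my_key, signatures, trusted_signers):
    """Keys reachable from my own key through signers I trust.

    signatures: dict mapping a signer's key to the set of keys it certified.
    trusted_signers: keys whose owners I trust to check identities.
    Simplified model (assumption): one certification from a valid key with a
    trusted owner makes a key valid.
    """
    valid = {my_key}
    queue = deque([my_key])
    while queue:
        signer = queue.popleft()
        if signer != my_key and signer not in trusted_signers:
            continue  # key is valid, but its owner's signatures carry no weight
        for signed in signatures.get(signer, ()):
            if signed not in valid:
                valid.add(signed)
                queue.append(signed)
    return valid

def naive_valid_keys(signatures, min_signatures=3):
    """The rule the message rejects: count signatures, ignore who made them."""
    counts = {}
    for signer, signed_keys in signatures.items():
        for key in signed_keys:
            if key != signer:  # self-signatures do not count
                counts[key] = counts.get(key, 0) + 1
    return {key for key, n in counts.items() if n >= min_signatures}

# Constructed sample data: twenty cross-signed fake keys plus a short real chain.
FAKES = [f"fake{i:02d}@example.invalid" for i in range(20)]
SIGS = {f: set(FAKES) - {f} for f in FAKES}
SIGS["me"] = {"alice"}      # I checked Alice's identity myself
SIGS["alice"] = {"bob"}     # Alice certified Bob
SIGS["bob"] = {"carol"}     # Bob certified Carol
TRUSTED = {"alice"}         # I trust Alice as a signer, but not Bob

if __name__ == "__main__":
    print("trust-based :", sorted(valid_keys("me", SIGS, TRUSTED)))
    print("count-based :", len(naive_valid_keys(SIGS)), "keys, all fake")
```

Counting signatures accepts every fake key and rejects the real ones, while the trust-based walk accepts none of the fakes and stops at Carol because Bob is not a trusted signer.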