[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Fwd: [Bug 44699] can't encrypt with gpg if the receiver's key is not
From: Martin Steigerwald <Martin () lichtvoll ! de>
Date: 2008-02-21 14:13:02
Message-ID: 200802211513.07842.Martin () lichtvoll ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hi!
What's the official position on this one?
I know it has been discussed in the bug report quite a lot already, but
actually I agree to Torsten Landschoff and various others.
I also set trust to ultimate in order to send out a message to a key which
I did not yet verify. And hopefully I remember to set trust to unknown
afterwards.
KMail IMHO should definately allow me to send a mail to a key that I do
not completely trust. Its my choice and I know the risk that it might
does not belong to the person I think it does. Still the mail is at least
only decryptable by the owner of the mail (and me usually).
A warning in BIG FAT LETTERS is good, so that people are realising what
they are doing. But if I say "Yes, I am sure", KMail should obey.
Otherwise this would be like a webbrowser which doesn't let me browse
HTTPS sites with unverified SSL certificate or a mail client which
doesn't let me connect to mail servers with unverified SSL certificate.
No offence meant...
Ciao,
Martin
---------- Weitergeleitete Nachricht ----------
Subject: [Bug 44699] can't encrypt with gpg if the receiver's key is not
signed
Date: Donnerstag 21 Februar 2008
From: Torsten Landschoff <torsten@debian.org>
To: Martin@lichtvoll.de
------- You are receiving this mail because: -------
You are a voter for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=44699
------- Additional Comments From torsten debian org 2008-02-21
14:04 -------
Come on, this can't be true. kmail disallows me to send encrypted with an
untrusted key - why!? Warning is okay, perhaps in bold letters and
some "I am really sure" check.
This misfeature makes kontact all but useless for me. I won't go and sign
any key of other Debian people I did not meet in person - I can't be sure
the key matches the person. But at least it will only be readable by the
person having the key, no t to every mail server in between us.
For work I have a big list of keys which I won't sign. For one I know the
person relating to the key, but I did never check any passports. So I
won't sign them. So the "solution" to use kmail is to --lsign every key?
Not!
While I am just using Thunderbird again in disbelief, others will happily
sign every key just to be able to send an email. For me this looks like a
security problem (the social engineering kind) and not like a wishlist
bug.
Please fix this!
-------------------------------------------------------
--
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7
["signature.asc" (application/pgp-signature)]
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic