[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    Bug#7016: No encryption in case of missing secret key for signing
From:       Stefan Suchi <suchi () gmx ! de>
Date:       2000-07-31 21:14:24
[Download RAW message or body]

Package: kmail
Version: 1.0.29.2

If I try to send a message SIGNED and ENCRYPTED and the "PGP User Identity"
is not found in my secret keyring (for example because my email-address has
changed) the message is sent unsigned and unencrypted without any warning.

To me this behavior looks like a mayor security problem.

I would suggest that in this case an error message pops up like itīs doing
in the case a recipient key could not be found or that the message is at
least sent unsigned, but encrypted.

My system: SuSE-6.1, KDE-1.1.2, kmail-1.0.29.2, PGP-2.6.3i.

Stefan

-- 
Stefan Suchi  <suchi@gmx.de>
PGP 2.6.3i; Key 5135 3EF1, Fingerprint:
26 1A 72 E9 33 57 67 30  63 AB 4F A1 A7 D4 29 2A
KDE Linux Packaging Project http://kde.tdyc.com/

[prev in list] [next in list] [prev in thread] [next in thread]