Your message dated Mon, 31 Jul 2000 23:46:36 +0200
with message-id <00073123463600.29748@douglas>
and subject line Bug#7016: No encryption in case of missing secret key for signing
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Stephan Kulow
(administrator, KDE bugs database)

Received: (at submit) by bugs.kde.org; 31 Jul 2000 21:27:35 +0000
From suchi@gmx.de Mon Jul 31 23:27:35 2000
Received: from pop.gmx.net ([194.221.183.20]:47639 "HELO mail.gmx.net")
        by master.kde.org with SMTP id <S221332AbQGaV10> convert rfc822-to-8bit;
        Mon, 31 Jul 2000 23:27:26 +0200
Received: (qmail 17939 invoked by uid 0); 31 Jul 2000 21:27:17 -0000
Received: from a28fd.pppool.de (HELO suchi1.gwdg.de) (213.6.40.253)
  by mail.gmx.net with SMTP; 31 Jul 2000 21:27:17 -0000
Received: from suchi1 (suchi@suchi1.gwdg.de [127.0.0.1])
        by suchi1.gwdg.de (8.9.3/8.8.8) with SMTP id XAA05899
        for <submit@bugs.kde.org>; Mon, 31 Jul 2000 23:26:48 +0200
From:   Stefan Suchi <suchi@gmx.de>
Reply-To: suchi@gmx.de
To:     submit@bugs.kde.org
Subject: No encryption in case of missing secret key for signing
Date:   Mon, 31 Jul 2000 23:14:24 +0200
X-Mailer: KMail [version 1.0.29.2]
Content-Type: text/plain
MIME-Version: 1.0
Message-Id: <00073123264801.05813@suchi1>
Content-Transfer-Encoding: 8BIT
Return-Path: <suchi@gmx.de>
X-Orcpt: rfc822;submit@bugs.kde.org

Package: kmail
Version: 1.0.29.2

If I try to send a message SIGNED and ENCRYPTED and the "PGP User Identity"
is not found in my secret keyring (for example because my email-address has
changed) the message is sent unsigned and unencrypted without any warning.

To me this behavior looks like a mayor security problem.

I would suggest that in this case an error message pops up like itīs doing
in the case a recipient key could not be found or that the message is at
least sent unsigned, but encrypted.

My system: SuSE-6.1, KDE-1.1.2, kmail-1.0.29.2, PGP-2.6.3i.

Stefan

-- 
Stefan Suchi  <suchi@gmx.de>
PGP 2.6.3i; Key 5135 3EF1, Fingerprint:
26 1A 72 E9 33 57 67 30  63 AB 4F A1 A7 D4 29 2A
KDE Linux Packaging Project http://kde.tdyc.com/