[Bug 44699] can't encrypt with gpg if the receiver's key is not signed
Torsten Landschoff
torsten at debian.org
Thu Feb 21 13:05:00 GMT 2008
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=44699
------- Additional Comments From torsten debian org 2008-02-21 14:04 -------
Come on, this can't be true. kmail disallows me to send encrypted with an untrusted key - why!? Warning is okay, perhaps in bold letters and some "I am really sure" check.
This misfeature makes kontact all but useless for me. I won't go and sign any key of other Debian people I did not meet in person - I can't be sure the key matches the person. But at least it will only be readable by the person having the key, no t to every mail server in between us.
For work I have a big list of keys which I won't sign. For one I know the person relating to the key, but I did never check any passports. So I won't sign them. So the "solution" to use kmail is to --lsign every key? Not!
While I am just using Thunderbird again in disbelief, others will happily sign every key just to be able to send an email. For me this looks like a security problem (the social engineering kind) and not like a wishlist bug.
Please fix this!
More information about the Kdepim-bugs
mailing list