[Bug 209319] New: GnuPG: automatically attach my public key and the public key from all receivers - also automatically import attached public keys (decentral key management)

Arne Babenhauserheide arne_bab at web.de
Sat Oct 3 16:32:34 BST 2009


https://bugs.kde.org/show_bug.cgi?id=209319

           Summary: GnuPG: automatically attach my public key and the
                    public key from all receivers - also automatically
                    import attached public keys (decentral key management)
           Product: kmail
           Version: 1.12.1
          Platform: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
        AssignedTo: kdepim-bugs at kde.org
        ReportedBy: arne_bab at web.de


Version:           1.12.1 (using 4.3.1 (KDE 4.3.1), Gentoo)
Compiler:          x86_64-pc-linux-gnu-gcc
OS:                Linux (x86_64) release 2.6.30-hh2

I'd love to be able to tell KMail to automatically attach my public GnuPG key
and all public GnuPG keys of the receivers to each email I send (and
sign/encrypt). 

Along with the option to automatically import any attached GnuPG key, that
would open the possiblity of using GnuPG without the need for central
keyservers: If I sign a key, its owner will automatically get the updated
version once he gets an email from me. 

And since GnuPG keys aren't verified via "I have it" but via the web of trust,
this would be completely safe. 

No longer needing the keyservers would also alleviate a privacy concern.
Currently people can find the people who verified my key by getting my key from
a keyserver. By doing key spreading and signature merging decentrally (by
sending mails), this type of analysis will become much less threatening, since
the data will very likely be incomplete. People would have to get the public
key directly from me or from some of their contacts to be able to do a
signer-analysis - and they couldn't easily broaden it by getting the signed
keys from my signers from the servers. 

All this can be accomplished by adding the two options "always attach my public
key and the keys of all public receivers (only "TO" and "CC"!) and "always
import attached GnuPG keys". 

Best wishes, 
Arne

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the Kdepim-bugs mailing list