[kmail2] [Bug 322708] kmail should allow encrypting mails with keys of unknown/zero trust

Hauke Laging hauke at laging.de
Sat Jan 4 08:52:23 GMT 2014


https://bugs.kde.org/show_bug.cgi?id=322708

Hauke Laging <hauke at laging.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hauke at laging.de

--- Comment #2 from Hauke Laging <hauke at laging.de> ---
(In reply to comment #0)
> however it doesn't. This is wrong because encryption is meant to provide
> confidentiality and the act of signing keys and creating a web of trust is
> meant to provide authenticity.

I can confirm the problem but your explanation doesn't make sense. You seem to
not have understood how crypto works. See:

http://www.openpgp-schulungen.de/kurzinfo/irrtuemer/#import-ausreichend

You need to verify the certificate in order to be sure that you encrypt to the
right key. Encrypting to the MitM key is not part of the concept
"confidentiality". Signing keys makes them valid. You need valid keys both for
serious encryption and for serious signature checking.

Nonetheless this must be fixed because the user must be free to decide to use
the key anyway and it is really evil to force the user to certify the key first
(or even worse: set it to ultimate trust).

-- 
You are receiving this mail because:
You are the assignee for the bug.


