[kleopatra] [Bug 378781] kleopatra: dialog asks for: trust new root-cert but displays only CN, no fingerprint, or other ways to check the root-cert

Andre Heinecke bugzilla_noreply at kde.org
Tue Apr 18 14:15:57 BST 2017


Andre Heinecke <aheinecke at intevation.de> changed:

           What    |Removed                     |Added
         Resolution|---                         |UPSTREAM
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Andre Heinecke <aheinecke at intevation.de> ---

Sorry for tossing the ball away but that sadly is not Kleopatra's fault. That
dialog comes directly from the GnuPG System.

On the command line you get the same dialog:
export GNUPGHOME=$(mktemp -d)
curl http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert_sha1.pem  | gpgsm
gpgsm --with-validation -k 

I'm actually against asking the user if a certificate is trusted or not. This
should be an administrative decision or maybe available in the certificate
details but imo 90% of users will just click the dialogs away.

Weirdly enough if you click yes in the first dialog you are asked in a second
dialog to confirm the fingerprint. I believe the idea there is that you first
are asked: Do you really want to trust "this CA". And in the second "Have you
confirmed that "This Fingerprint" is correct.

The upstream tracker is https://dev.gnupg.org/

You are receiving this mail because:
You are on the CC list for the bug.

More information about the Kdepim-bugs mailing list