[kleopatra] [Bug 378781] kleopatra: dialog asks for: trust new root-cert but displays only CN, no fingerprint, or other ways to check the root-cert
Andre Heinecke
bugzilla_noreply at kde.org
Tue Apr 18 14:15:57 BST 2017
https://bugs.kde.org/show_bug.cgi?id=378781
Andre Heinecke <aheinecke at intevation.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |UPSTREAM
Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Andre Heinecke <aheinecke at intevation.de> ---
Hi,
Sorry for tossing the ball away but that sadly is not Kleopatra's fault. That
dialog comes directly from the GnuPG System.
On the command line you get the same dialog:
export GNUPGHOME=$(mktemp -d)
curl http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert_sha1.pem | gpgsm
--import
gpgsm --with-validation -k
I'm actually against asking the user if a certificate is trusted or not. This
should be an administrative decision or maybe available in the certificate
details but imo 90% of users will just click the dialogs away.
Weirdly enough if you click yes in the first dialog you are asked in a second
dialog to confirm the fingerprint. I believe the idea there is that you first
are asked: Do you really want to trust "this CA". And in the second "Have you
confirmed that "This Fingerprint" is correct.
The upstream tracker is https://dev.gnupg.org/
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Kdepim-bugs
mailing list