[kmail2] [Bug 385687] certification path validation

Andre Heinecke bugzilla_noreply at kde.org
Fri Apr 27 18:17:45 BST 2018


https://bugs.kde.org/show_bug.cgi?id=385687

--- Comment #2 from Andre Heinecke <aheinecke at intevation.de> ---
I don't think that any of the issues raised here are a big (or any) security
concern, because mails are only ever valid if the corresponding root
certificate is trusted.

If you only have trustworthy root certificates (as you should) which work in
your infrastructure, you don't have any problem. The whole concept of GPGSM is
not to trust any root certificates by default and leave it to administrators to
make the decision which roots they trust. And if they trust a root that does
MD5 signatures... well, OK. Maybe GPGSM should no longer allow that by default.
We'll look into it, but so far I don't see any critical priority problem here.
