[kmail2] [Bug 441209] New: signed by a PGP key that doesn't match uid is still "green"

[Caleb Cushing]

https://bugs.kde.org/show_bug.cgi?id=441209

            Bug ID: 441209
           Summary: signed by a PGP key that doesn't match uid is still
                    "green"
           Product: kmail2
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: xenoterracide at gmail.com
  Target Milestone: ---

Created attachment 140865
  --> https://bugs.kde.org/attachment.cgi?id=140865&action=edit
screenshot of the green path with sender/receiver

SUMMARY

using a trusted key to sign with a UID that it doesn't have shouldn't be green.
note: evolution warns about this.

STEPS TO REPRODUCE
1. create 2 sets of full gpg keys
2. use another client to sign sending one of your emails with the other emails
key.


I did this with a misconfiguration via fairemail.

OBSERVED RESULT

kmail shows green and all happy


EXPECTED RESULT


kmail should show yellow or red because that key isn't approved for that uid.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Kmail: 5.18.0
Operating System: Manjaro Linux
KDE Plasma Version: 5.22.4
KDE Frameworks Version: 5.85.0
Qt Version: 5.15.2
Kernel Version: 5.10.59-1-MANJARO (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ i7-10610U CPU @ 1.80GHz
Memory: 15.4 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics

-- 
You are receiving this mail because:
You are the assignee for the bug.