Message signing popups....

[test]

On Thursday, May 28, 2020 11:26:30 AM CEST René J.V. Bertin wrote:
> On Thursday May 28 2020 08:43:28 strato_test wrote:
> >So why waste the resources on it?  Why is kmail nudging me with a feature
> >as useless and wasteful as this?  It's great that kmail supports
> >encryption, but for everyone you didn't exchange keys with personally, you
> >can better turn it off.
> 
> You can ask the same thing about tons of tiny translation files for just
> about any known language, 99.99% of which no one speaks (of course the
> subset is different for each of us). Distro maintainers set up packages for
> the largest common denominator, and evidently attach great importance to
> details related to security.  In short, even if it's possible to build PIM
> without support for encryption or signing they are unlikely to do that.
> Idem for the case when this feature is provided through optional components
> detected at runtime; they will probably consider them too important to ship
> them as an optional package.

By no means I mean to say that encryption should not be supported.  It should 
be supported, only it shouldn't be the default, especially when it tends to 
create the impression that something is secure when it is not.

There is no security in signing or encrypting emails when I have not 
exchanged, in person, the gpg keys with the author of a message that is signed 
or encrypted.

By a waste of resources, I'm referring to the amount of additional data that 
needs to be transmitted, processed, stored, archived etc. when emails are 
being signed (or encrypted) unless the gpg keys used for it were exchanged in 
person.

Having that said, kmail should have an option to automatically strip the gpg 
signatures from emails to reduce storage requirements ...

> [...]