Re: [Evolution] GPG Auto download pub keys
- From: Pete Biggs <pete biggs org uk>
- To: evolution-list gnome org
- Subject: Re: [Evolution] GPG Auto download pub keys
- Date: Sat, 09 May 2015 17:36:17 +0100
this is the absolute evidence that signing emails in 99,9% of it's use
cases is completely useless. Automatically accepting keys to validate
signed mails renders signing useless.
I totally understand what you are saying. The mitigating fact for
autoretrieval of keys is that it doesn't blindly accept the validity of
the keys unless (*I think*) you have already accepted a key of someone
who has signed the key. The signature is highlighted as yellow, not
green, and says "Valid signature, but cannot verify sender...".
You can also view the contents of the key and there are warnings such
as
gpg: WARNING: This key is not certified with a trusted
signature!
gpg: There is no indication that the signature belongs to the owner.
So it's not entirely a useless feature.
P.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]