[pkg-kde-bugs-fwd] [Bug 44699] can't encrypt with gpg if the
receiver's key is not signed
Felix Eckhofer
felix at tribut.de
Tue Jan 17 09:27:35 UTC 2006
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
You are a voter for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=44699
------- Additional Comments From felix tribut de 2006-01-17 10:27 -------
Transport security? Of course we may be vulnerable to a man-in-the-middle attack. But it is a protection againt random network sniffing on both the sender's and the receiver's sides.
Additionally, local signing is time consuming and therefore results in people using cryptography less, which is bad.
Third: Read the rationale from the Debian maintainers again. You lsign a key because you want to send an encrypted message. You are not really sure, if this key belongs to that person. Some time later, you receive a signed message from that person. Kmail will display it with green background and tell you, that the key is trusted. Are you sure that you will remember that you didn't really trust that person?
It is a bug. It weakens the web of trust. And it steals my time.
More information about the pkg-kde-bugs-fwd
mailing list