Keys not trusted

Wolfgang Bornath wbo@mandrakesoft.com
Fri May 9 16:11:02 2003


=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

** Yenot (Freitag, 9. Mai 2003 00:29)
>
> You're certainly not the only person with this problem. I know at
> least some of the Kmail developers read this list, so may be it would
> be useful to start a discussion on the matter. I think Kmail, and
> mail agents in general, need some way of sending e-mail to unknown
> parties.  Just because I don't know someone's real identity, doesn't
> mean that I don't want to send them mail.  And it certainly doesn't
> mean that I want to add all these letters to a TIA (Total Information
> Awareness) database, or in general share these letters with every
> Eve, Carnivore, and archiving SMTP server between our two computers.

You may have a point there and your following ideas may not be bad.
But having read some more of the documentation (especially about the=20
overall concept) I agree with the current behaviour of kmail.

Who do I send mails to which should be encrypted so that only the=20
addressee can read the contents? Right, only to persons who I trust not=20
to reveal the contents of my private thoughts to any other person.
I can't think of a situation where I would send such private thoughts to=20
a person I don't know and/or have a kind of relationship with. And if I=20
have such a relation to that person there is a way to establish a=20
trusted communication to exchange trusted keys (via a known third=20
party, a trusted organization or institution, etc.).

When it comes to exchanging data which should not be sent in the open=20
there are organizations in all areas of the world where you can have=20
your key signed so that it is acknowledged by other people.
As an example, in Germany we have a computer magazine (c't) which offers=20
signing of keys when you show up at exhibitions at their booth with=20
your key and a official id card (passport, drivers license, etc.).=20
There are other possibilities.

I don't see any need to spoil the concept of the Web of Trust.

wobo
=2D --=20
Public GnuPG key available at keyserver pgp.mit.edu


=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+u7csXpTF6eCkAF0RAiYvAJ4gfrAuw6Q6iddzaAD+ZcUPWGCDvwCgjQzR
mFq5k6mq6kI7BssaFQREoSw=3D
=3DGZXo
=2D----END PGP SIGNATURE-----