Proposal of OpenPGP Email Validation
Patrick Brunschwig
patrick at enigmail.net
Tue Jul 28 18:05:42 CEST 2015
On 28.07.15 16:46, Ingo Klöcker wrote:
> On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
>> Hi Ingo,
>>
>> On 27.07.15 16:31, Ingo Klöcker wrote:
>>> This whole concept of a whitelist of "trusted validation servers"
>>> included in the email clients sounds a lot like the CA certificate
>>> bundles included in browsers and/or OSes. Who is going to maintain
>>> this whitelist?
>>
>> Whilelists: The OpenPGP-aware clients. There aren't so many of them,
>> so that's manageable.
>
> Speaking for KMail how can I be sure that somebody who claims that his
> validation server can be trusted can actually be trusted and should therefore
> be added to the whitelist? KDE avoids this problem for the CA certificate
> bundle by relying on the certificate bundles provided by the Linux
> distributors or by Mozilla.
Let's face it: KDE doesn't /avoid/ this problem. It just shifts the
problem to someone else -- the Linux distributors or Mozilla ;)
-Patrick
More information about the Gnupg-users
mailing list