Proposal of OpenPGP Email Validation

Patrick Brunschwig patrick at
Tue Jul 28 18:05:42 CEST 2015

On 28.07.15 16:46, Ingo Klöcker wrote:
> On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
>> Hi Ingo,
>> On 27.07.15 16:31, Ingo Klöcker wrote:
>>> This whole concept of a whitelist of "trusted validation servers"
>>> included in the email clients sounds a lot like the CA certificate
>>> bundles included in browsers and/or OSes. Who is going to maintain
>>> this whitelist?
>> Whilelists: The OpenPGP-aware clients. There aren't so many of them,
>> so that's manageable.
> Speaking for KMail how can I be sure that somebody who claims that his 
> validation server can be trusted can actually be trusted and should therefore 
> be added to the whitelist? KDE avoids this problem for the CA certificate 
> bundle by relying on the certificate bundles provided by the Linux 
> distributors or by Mozilla.

Let's face it: KDE doesn't /avoid/ this problem. It just shifts the
problem to someone else -- the Linux distributors or Mozilla ;)


More information about the Gnupg-users mailing list