Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

Stefan Claas stefan.claas at posteo.de
Wed Jun 7 22:46:54 CEST 2017

On 07.06.17 22:23, Ludwig Hügelschäfer wrote:
> Hi Stefan,
> On 06.06.17 22:19, Stefan Claas wrote:
>> On 06.06.17 20:46, Charlie Jonas wrote:
>>> On 2017-06-06 19:12, Stefan Claas wrote:
>>>> I tried also with Enigmail under OS X but when checking the
>>>> signatures here from the list members i always get the blue
>>>> "Untrusted Good Signature".
>>> Yes I get this as well. Interestingly whatever trust level I give
>>> keys, Enigmail on OSX seems to want to make the bar blue
>>> regardless.
>> Thanks for confirming. Hopefully Ludwig still follows this thread
>> and can tell us why it's not working, as expected.
> It's working as expected. To get a green bar in Enigmails header
> display, the key signing the message has to be at least fully valid. A
> key gets valid if you either:
> - sign it (whether local or exportable is not relevant)
> or
> - it is signed by
>   - at least one key you have signed and you have put "full" ownertrust
>     on these
>   - at least three other keys you have signed and you have put
>     "marginal" ownertrust on these
> This is the behaviour of the "classic" or "PGP" trust model which is
> the default in GnuPG. Enigmail only displays the result.

Thanks, i'm aware of the classic trust model.
> You may read more about this here:
> https://enigmail.wiki/Key_Management#The_Web_of_Trust
> There's a lot more information about the web of trust out in the web.
> Disclaimer: Configuring GnuPG to use the TOFU trust model may change
> this behaviour.

I configured GnuPG to use the TOFU model and expected that Enigmail
would switch from blue Untrusted to green when TOFU gives "full" trust
to a pub key. For example when i downloaded a signed Usenet message
as a test (where Enigmail showed me a blue bar) and let GnuPG verify
the saved file manually it gave me the statistics. After downloading a
second file, where Enigmail correctly showed the blue bar again, i ran
the file via GnuPG and it gave "full" trust to the message. After that
i klicked again in Enigmail in the Usenet thread and voila i had a green
bar. So that is the reason why i thought Enigmail would give me with
the new trust model also a green bar when checking here list members


And appologies for the multiple thread chaos!

More information about the Gnupg-users mailing list