Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons
ludwig at enigmail.net
Mon Jun 12 21:21:36 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
On 12.06.17 20:51, Stefan Claas wrote:
> On 12.06.17 20:18, Ludwig Hügelschäfer wrote:
>> On 12.06.17 14:52, Stefan Claas wrote:
>>> Hi Ludwig,
>>> I just checked again. On my Mac and on my Windows Notebook I
>>> get a green bar, from a blue "Untrusted" key when I go into
>>> Enigmail's Key Management and set the trust of that key to
>> Well, ultimate ownertrust is the wrong way. This setting is
>> reserved for your own keys. No wonder you get a green header
>> What are you trying to achieve?
> Well, I assume that the majority of people who are using GnuPG are
> using it with Thunderbird/Enigmail.
I'd not sign this statement. A lot of users caring for privacy and
safety won't go for Windows. Thunderbird is not the most popular mail
client on non-Windows computers; there are quite some other mail clients.
> Let's also assume they are not security experts like all you guys
> here on the list and let's also assume they are following popular
> tutorials like the ones from EFF:
> https://ssd.eff.org/en/module/how-use-pgp-windows because they know
> EFF are good people (like you security experts).
> Now here is my thought. Mallory knows this very well what I have
> described above and after he gained access to my computer he simply
> replaces one of my locally signed pub keys with a fake one where he
> sets owner trust to ultimate. A user, described as above would imho
> have a hard time to detect a fake pub key, because Enigmail shows
> for both keys a green bar.
As Robert said: If an attacker gains control over your computer,
you're busted, game over.
> Maybe as an additional security feature Enigmail should give a key
> with a set trust level of "Ultimate" a different color than green.
This would also be the case if the attacker gained access to your
What you can do: Learn, learn by playing, learn by trying to
understand what others write and by asking questions and become a
reasonable critical user. That's the hard way, but you learn best.
Second possibility would be to have a good experienced friend who
guides you along the way. Third way would be to engage an expert who
maintains your computer.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
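
An added example, not part of the original message and not Enigmail or GnuPG code: since ultimate ownertrust is meant for your own keys, this sketch lists every key that has ultimate ownertrust but no matching secret key in the keyring. The function names are hypothetical and the sample data is constructed; it assumes the text formats of `gpg --export-ownertrust` (trust value 6 for ultimate) and `gpg --list-secret-keys --with-colons`.

```python
# Constructed sample data; on a real system these come from
#   gpg --export-ownertrust
#   gpg --list-secret-keys --with-colons
SAMPLE_OWNERTRUST = """\
# List of assigned trustvalues (constructed sample)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:6:
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:6:
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:5:
"""
SAMPLE_SECRET_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1497000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1497000000::0000::Constructed User <user@example.org>:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1497000000::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD:
"""

ULTIMATE = 6  # value GnuPG writes for "ultimate" in the ownertrust export


def own_primary_fingerprints(colon_listing):
    """Fingerprints of primary keys for which a secret key exists."""
    own, prev = set(), None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # Ownertrust is keyed by the primary key, so only take the fpr
        # record that directly follows a sec record (not one after ssb).
        if fields[0] == "fpr" and prev == "sec" and len(fields) > 9:
            own.add(fields[9].upper())
        prev = fields[0]
    return own


def parse_ownertrust(export):
    """Map fingerprint -> numeric trust value, skipping comment lines."""
    trust = {}
    for line in export.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2 and parts[1].isdigit():
            trust[parts[0].upper()] = int(parts[1])
    return trust


def suspicious_ultimate(export, colon_listing):
    """Keys with ultimate ownertrust that are not backed by a secret key."""
    own = own_primary_fingerprints(colon_listing)
    return sorted(fpr for fpr, level in parse_ownertrust(export).items()
                  if level == ULTIMATE and fpr not in own)


if __name__ == "__main__":
    for fpr in suspicious_ultimate(SAMPLE_OWNERTRUST, SAMPLE_SECRET_LISTING):
        print("ultimate ownertrust without secret key:", fpr)
```

As the reply above says, someone who controls the computer can falsify this output as well, so the check is useful for catching a mistaken setting like the one discussed in this thread rather than a full compromise.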