From bernhard at intevation.de Wed Dec 6 10:22:14 2006
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed Dec 6 10:20:09 2006
Subject: Wish: group support for Kmail and gnupg
In-Reply-To: <200611302031.42526@erwin.ingo-kloecker.de>
References: <200611081100.02441.bernhard@intevation.de> <200611302031.42526@erwin.ingo-kloecker.de>
Message-ID: <200612061022.18783.bernhard@intevation.de>

On Thursday 30 November 2006 20:31, Ingo Klöcker wrote:
> FWIW, KMail supports associating several keys with one email address
> since ages (even before Ägypten stopped being just a country on the
> African continent).

Ingo,
this is interesting. Can you tell me how this works with
KMail/Kontact?

Let us say I want to send at team@example.com
and know that three people read there a@example.org, b@example.com,
c@example.net.
I enter team@example.com in the to: field,
select encryption and OpenPGP.
What do I need to do next?

Bernhard

From bernhard at intevation.de Wed Dec 6 10:28:30 2006
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed Dec 6 10:26:16 2006
Subject: Wish: group support for Kmail and gnupg
In-Reply-To: <87mz69jhkm.fsf@wheatstone.g10code.de>
References: <200611081100.02441.bernhard@intevation.de> <200611301215.56153.bernhard@intevation.de> <87mz69jhkm.fsf@wheatstone.g10code.de>
Message-ID: <200612061028.31330.bernhard@intevation.de>

On Thursday 30 November 2006 12:32, Werner Koch wrote:
> On Thu, 30 Nov 2006 12:15, bernhard@intevation.de said:
> > Actually the association from key to user id (including) email address
> > happens on the gpg level already. So having several clients
>
> That is coincidence. A key does not need to have an email address.
> Well, most do but it is not a requirement of gnupg.

I know that it is not a requirement, but it is handy to get
the additional data of a key, like the uids.
This makes key management easier and this is important
for the solution to be secure.

> > like KMail, mutt and other frontends that can make use of this
> > information, this information is best maintained at the same level than
> > the user ids.
>
> Frontends have much more information about email addresses. They need
> to handle To, Cc and especially Bcc - gpg does not know about this.
> MUAs can also keep track of communication patterns and assign trust to
> a key by looking at these patterns. I hope this will eventually be
> implemented.

Well I agree.
The question to me is: On which level should what be implemented.
The knowledge which uid information belongs to which group of keys
is something that I would want to share with all my MUAs anyway.
So implementing this within each MUA is not a good idea.

> Adding this stuff to gpg will finally add knowledge about email to it
> which is not the Unix way. I even hesitated to add PKA to gpg but
> this is an exception because no other way to implement it exists.

I only propose to add a mapping uid -> n* keys
if uid includes an email address, fine. If not: still good.

> > It solves an important use case: I know that more than one person
> > is behind one email address, having several keys. I want to send there.
>
> For me it just works adding these addresses to a --group. It is more
> of a problem with some MUAs. Then again it should be fixed in the
> MUA.

To do this I would want the MUAs to use gpgme
because they will otherwise have to implement another interface to GnuPG
which makes it more complicated and error prone I believe.

> > As I can ask for user ids over gpgme, I would expect this to be available
> > via gpgme and not via the configure interface.
>
> No, it is not a key, it does not work.

It works for other uid information like the email addresses,
if I remember correctly.

> > The use case described above is real and to promote encryption,
> > it should be made easier to solve for frontends.
>
> So where is the actual problem you want to solve? It is Mutt, which
> checks each recipient's key validity instead of leaving this to gpg.
> Right?

I want to solve it both for mutt and KMail/Kontact
and while doing this also for Claws getting the design right.

Bernhard

From kloecker at kde.org Wed Dec 6 20:26:43 2006
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 06 Dec 2006 20:26:43 +0100
Subject: Wish: group support for Kmail and gnupg
In-Reply-To: <200612061022.18783.bernhard@intevation.de>
References: <200611081100.02441.bernhard@intevation.de> <200611302031.42526@erwin.ingo-kloecker.de> <200612061022.18783.bernhard@intevation.de>
Message-ID: <200612062026.45753@erwin.ingo-kloecker.de>

On Wednesday 06 December 2006 10:22, Bernhard Reiter wrote:
> On Thursday 30 November 2006 20:31, Ingo Klöcker wrote:
> > FWIW, KMail supports associating several keys with one email address
> > since ages (even before Ägypten stopped being just a country on the
> > African continent).
>
> Ingo,
> this is interesting. Can you tell me how this works with
> KMail/Kontact?
>
> Let us say I want to send at team@example.com
> and know that three people read there a@example.org, b@example.com,
> c@example.net.
> I enter team@example.com in the to: field,
> select encryption and OpenPGP.
> What do I need to do next?

That should be pretty straightforward.
- Select "Send Message".
- KMail will tell you "There are conflicting encryption preferences for
  these recipients. Encrypt this message?". Select Encrypt.
- The Encryption Key Selection dialog will pop up.
  Select the desired keys of a, b and c, check "Remember choice" and
  select OK.
- A dialog asking for the name of the contact for "team@example.com"
  will pop up.
- The Encryption Key Approval dialog will pop up. Optionally change the
  Encryption preference for "team@example.com", e.g. choose "Ask
  whenever encryption is possible".
- After approving the encryption keys the message will be sent.

Somewhere in between you will probably be asked for your passphrase for
signing the message.

The next time you send a message to team@example.com KMail will know
which keys to use.

I haven't tried it, but you should also be able to do the above from the
address book, i.e. you create a new contact for team@example.com and
edit the signing/encryption options of the contact.

Regards,
Ingo

From bernhard at intevation.de Thu Dec 7 20:18:37 2006
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 7 Dec 2006 20:18:37 +0100
Subject: Wish: group support for Kmail and gnupg
In-Reply-To: <200612062026.45753@erwin.ingo-kloecker.de>
References: <200611081100.02441.bernhard@intevation.de> <200612061022.18783.bernhard@intevation.de> <200612062026.45753@erwin.ingo-kloecker.de>
Message-ID: <200612072018.38235.bernhard@intevation.de>

Ingo,

On Wednesday 06 December 2006 20:26, Ingo Klöcker wrote:
> - The Encryption Key Selection dialog will pop up. Select the desired
> keys of a, b and c, check "Remember choice" and select OK.

ah! This is the hard part.
With many keys in the list, selecting several keys is not very intuitive.
Usually I need to search to limit the choice and then the other key
I might have selected is gone.

> I haven't tried it, but you should also be able to do the above from the
> address book, i.e.
> you create a new contact for team@example.com and
> edit the signing/encryption options of the contact.

Yes it is possible. I have to test this. Thanks for the hint!
It still leaves the problem of configuration for several MUAs.
It would be very cool if I could also select a group to use
for encryption in KMail.

Bernhard

-- 
Managing Director - Owner, www.intevation.net (Free Software Company)
Germany Coordinator, fsfeurope.org (Non-Profit Org for Free Software)
www.kolab-konsortium.com (Email/Groupware Solution, Professional Service)
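
Added example, not part of the thread and not GnuPG's own code: the `--group` approach Werner mentions, written as `group` lines in gpg.conf, with a small Python model of the expansion rules the gpg manual documents (same-name groups merge, values split on whitespace, only one level of expansion). The key IDs are constructed placeholders, and the helper names `parse_groups` and `expand_recipients` and the exact-name match are assumptions of this example.

```python
"""Model of how gpg.conf `group` entries map one recipient to several keys."""

# Constructed sample configuration; the key IDs are placeholders, not real keys.
SAMPLE_GPG_CONF = """\
# one mailbox, three readers
group team@example.com = 0xAAAAAAAAAAAAAAAA 0xBBBBBBBBBBBBBBBB
group team@example.com = 0xCCCCCCCCCCCCCCCC
group everyone = team@example.com 0xDDDDDDDDDDDDDDDD
"""


def parse_groups(conf_text):
    """Return {group name: [values]}; groups with the same name are merged."""
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "group" or "=" not in parts[1]:
            continue  # another option, or a malformed group line
        name, _, values = parts[1].partition("=")
        # Values are split on whitespace, so a value cannot contain spaces.
        groups.setdefault(name.strip(), []).extend(values.split())
    return groups


def expand_recipients(recipients, groups):
    """Expand each recipient once; a group named inside a group is not followed.

    Names are matched exactly and duplicates are dropped (choices of this
    example).
    """
    keys = []
    for rcpt in recipients:
        for value in groups.get(rcpt, [rcpt]):
            if value not in keys:
                keys.append(value)
    return keys


if __name__ == "__main__":
    groups = parse_groups(SAMPLE_GPG_CONF)
    print(expand_recipients(["team@example.com"], groups))
    # Nested group: "team@example.com" comes back as a literal recipient.
    print(expand_recipients(["everyone"], groups))
```

The second call shows the caveat for front ends: because expansion is one level deep, a group that names another group hands the inner name to key lookup as an ordinary user ID.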