From: Teemu Likonen <tlikonen@iki.fi>
To: Tomas Nordin <tomasn@posteo.net>, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
Date: Sat, 21 Mar 2020 17:43:00 +0200 [thread overview]
Message-ID: <878sjt3e9n.fsf@iki.fi> (raw)
In-Reply-To: <87v9mxlqof.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me>
[-- Attachment #1: Type: text/plain, Size: 1593 bytes --]
Tomas Nordin [2020-03-21T15:37:36+01] wrote:
> This is probably a dumb question and not really an issue for Notmuch.
Excellent questions but partly difficult to answer.
> But it is when using notmuch (through emacs) I get this Gnome pop-up.
> See attached image. Some senders are attaching some sort of signature
> that I get to trust or cancel.
The sender's mail client has used gpgsm or similar program to digitally
sign the message content. The sender's key that made the message
signature has been certified by some certificate authority. And you are
asked if you trust this certificate authority to certify other's keys.
> What does people do in this case, I tend to cancel it. How should I
> relate to the question. How do I know if I could ultimately trust
> something as asked.
That is the difficult part. The right answer is probably that user
should carefully check the certificate authority's key fingerprint,
compare it to the fingerprint that the authority has published somewhere
else, study the certificate authority's reputation in certifying
people's keys, or something like that.
And almost nobody does that because it's too difficult.
I do this: I press "Yes" (to trust "ultimately") but then immediately go
edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
that certificate authority's key fingerprint. It marks that key
untrusted (because I really don't know). Then: "gpgconf --reload
gpg-agent".
--
/// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 251 bytes --]
next prev parent reply other threads:[~2020-03-21 16:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-21 14:37 Ultimate trust Tomas Nordin
2020-03-21 15:43 ` Teemu Likonen [this message]
2020-03-22 14:30 ` Tomas Nordin
2020-03-22 19:15 ` Philip Hands
2020-03-22 22:21 ` Tomas Nordin
2020-03-23 1:20 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878sjt3e9n.fsf@iki.fi \
--to=tlikonen@iki.fi \
--cc=notmuch@notmuchmail.org \
--cc=tomasn@posteo.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).