From: David Bremner <david@tethera.net>
To: Philip Hands <phil@hands.com>, notmuch@notmuchmail.org
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: Ultimate trust
Date: Sun, 22 Mar 2020 22:20:15 -0300 [thread overview]
Message-ID: <87ftdzlve8.fsf@tethera.net> (raw)
In-Reply-To: <87d094ciaw.fsf@hands.com>
Philip Hands <phil@hands.com> writes:
> Tomas Nordin <tomasn@posteo.net> writes:
>
>> Teemu Likonen <tlikonen@iki.fi> writes:
> ...
>>> I do this: I press "Yes" (to trust "ultimately") but then immediately go
>>> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
>>> that certificate authority's key fingerprint. It marks that key
>>> untrusted (because I really don't know). Then: "gpgconf --reload
>>> gpg-agent".
>>
>> OK, thanks. That already feels better, knowing I can revert this trust
>> easily like that. And some better understanding for whats going on.
>
> That seems like a UI bug to me -- I'd have thought that there should be
> a "No" button so that you can stop it repeatedly asking (presumably by
> automatically doing the same as the above manual procedure).
>
> Would anyone happen to know where that should be reported?
>
> I have a feeling that I'd want to default that to answering "No", and
> never see the prompt.
I think this is all about S/MIME and gpgsm. The issue with the delays
is already reported to
https://dev.gnupg.org/T3348
It can be worked around with "disable-crl-checks" in the gpgsm
config. But if you actually care about S/MIME messages that has some
drawbacks.
The more general question of asking people to trust the CA of some
random person on the internet seems crazy to me as well. I'm not sure,
maybe dkg has ideas about how to fix the UI issue from the notmuch side.
d
prev parent reply other threads:[~2020-03-23 1:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-21 14:37 Ultimate trust Tomas Nordin
2020-03-21 15:43 ` Teemu Likonen
2020-03-22 14:30 ` Tomas Nordin
2020-03-22 19:15 ` Philip Hands
2020-03-22 22:21 ` Tomas Nordin
2020-03-23 1:20 ` David Bremner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftdzlve8.fsf@tethera.net \
--to=david@tethera.net \
--cc=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
--cc=phil@hands.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).