From: Tomas Nordin
To: Philip Hands, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
In-Reply-To: <87d094ciaw.fsf@hands.com>
References: <87v9mxlqof.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me> <878sjt3e9n.fsf@iki.fi> <87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me> <87d094ciaw.fsf@hands.com>
Date: Sun, 22 Mar 2020 23:21:36 +0100
Message-ID: <87mu88kp3j.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me>
List-Id: "Use and development of the notmuch mail system."

Philip Hands writes:

> Tomas Nordin writes:
>
>> Teemu Likonen writes:
> ...
>>> I do this: I press "Yes" (to trust "ultimately") but then immediately go
>>> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
>>> that certificate authority's key fingerprint. It marks that key
>>> untrusted (because I really don't know). Then: "gpgconf --reload
>>> gpg-agent".
>>
>> OK, thanks. That already feels better, knowing I can revert this trust
>> easily like that. And some better understanding of what's going on.
>
> That seems like a UI bug to me -- I'd have thought that there should be
> a "No" button so that you can stop it repeatedly asking (presumably by
> automatically doing the same as the above manual procedure).

I agree there should be a "No" button doing the same thing as this manual
procedure. Especially if the performance penalty is removed that way (like
when answering yes), which I didn't test yet. (Before answering yes in the
cases I refer to there was a significant hang in Emacs before the prompt
showed up.)

> Would anyone happen to know where that should be reported?
>
> I have a feeling that I'd want to default that to answering "No", and
> never see the prompt.
>
> The number of people I'm willing to declare ultimate trust in is quite
> limited, and even for those, I'm not going to do it via some unfamiliar
> bit of UI that springs up unexpectedly. This strikes me as mildly
> deranged, and appears to be trying to train users to do the wrong thing.

From Teemu's explanation I understood the trust is not really about the
sender but the "authority" which is certifying the sender's key (GlobalSign
in this case). And in my example the message is from some organisation
connected to my work where I am guessing it is the IT department who has
decided to set this up. While I am asked a question I cannot possibly
answer, I think it is better to ask (making clear something is going on)
than just do something without my knowledge, which I think is common with
mainstream mail agents. But it would be better, as you say, to be able to
say "No" and also be given a hint about the file where this is recorded.

PS: Besides that record in the trustlist.txt file I still don't understand
what the possible side effect is. Other than removal of the delay.

--
Tomas
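Added example, not from this thread and not gnupg's own code: the manual "!" edit Teemu describes, done from a POSIX shell script so it can be repeated without touching other trustlist.txt entries, plus a helper that reports whether a given CA fingerprint is currently trusted, distrusted or absent. It assumes the trustlist.txt line format stated in the comments (fingerprint, then flags, with a leading "!" for explicitly distrusted); the function names are mine.

```sh
#!/bin/sh
# Added example, not from the thread or from gnupg: mark one CA fingerprint
# as explicitly distrusted in gpg-agent's trustlist.txt (the "!" edit above),
# idempotently and without touching other entries, then report its state.
# Assumed line format: "<FINGERPRINT> <flags>" (e.g. "A1B2... S"), optional
# leading "!" meaning "explicitly not trusted", "#" starting a comment line.

# Canonical fingerprint: uppercase hex with spaces and colons removed.
norm_fpr() { printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F'; }

# Fingerprint field of a trustlist line, ignoring any leading "!"/whitespace.
line_fpr() { printf '%s' "$1" | sed 's/^[[:space:]]*!*[[:space:]]*//' | awk '{print $1}'; }

# True when the line already carries the "explicitly not trusted" mark.
is_marked() { printf '%s' "$1" | grep -q '^[[:space:]]*!'; }

# trust_state FILE FPR -> prints "trusted", "distrusted" or "absent".
trust_state() {
    want=$(norm_fpr "$2"); state=absent
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in \#*|'') continue ;; esac
        [ "$(line_fpr "$line")" = "$want" ] || continue
        if is_marked "$line"; then state=distrusted; else state=trusted; fi
    done < "$1"
    printf '%s\n' "$state"
}

# mark_untrusted FILE FPR -> rewrites FILE in place, prefixing the entry for
# FPR with "!"; returns 0 if the entry exists (marked now or already marked),
# 1 if there is no such entry. Comments and other entries are left alone.
mark_untrusted() {
    file=$1; want=$(norm_fpr "$2"); tmp="$file.tmp.$$"; found=1
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$(line_fpr "$line")" = "$want" ]; then
            found=0
            if is_marked "$line"; then printf '%s\n' "$line"; else printf '!%s\n' "$line"; fi
        else
            printf '%s\n' "$line"
        fi
    done < "$file" > "$tmp"
    mv "$tmp" "$file"
    return $found
}

# The running agent only re-reads trustlist.txt when told to (the step Teemu
# quotes): mark_untrusted ~/.gnupg/trustlist.txt "$FPR" && reload_agent
reload_agent() { gpgconf --reload gpg-agent; }
```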