unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed
From: Tomas Nordin <tomasn@posteo.net>
To: Teemu Likonen <tlikonen@iki.fi>, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
Date: Sun, 22 Mar 2020 15:30:09 +0100	[thread overview]
Message-ID: <87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <878sjt3e9n.fsf@iki.fi>

Teemu Likonen <tlikonen@iki.fi> writes:

> Tomas Nordin [2020-03-21T15:37:36+01] wrote:
>
>> This is probably a dumb question and not really an issue for Notmuch.
>
> Excellent questions but partly difficult to answer.
>
>> But it is when using notmuch (through emacs) I get this Gnome pop-up.
>> See attached image. Some senders are attaching some sort of signature
>> that I get to trust or cancel.
>
> The sender's mail client has used gpgsm or similar program to digitally
> sign the message content. The sender's key that made the message
> signature has been certified by some certificate authority. And you are
> asked if you trust this certificate authority to certify other's keys.
>
>> What does people do in this case, I tend to cancel it. How should I
>> relate to the question. How do I know if I could ultimately trust
>> something as asked.
>
> That is the difficult part. The right answer is probably that user
> should carefully check the certificate authority's key fingerprint,
> compare it to the fingerprint that the authority has published somewhere
> else, study the certificate authority's reputation in certifying
> people's keys, or something like that.
>
> And almost nobody does that because it's too difficult.
>
> I do this: I press "Yes" (to trust "ultimately") but then immediately go
> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
> that certificate authority's key fingerprint. It marks that key
> untrusted (because I really don't know). Then: "gpgconf --reload
> gpg-agent".

OK, thanks. That already feels better, knowing I can revert this trust
easily like that. And some better understanding for whats going on.

Best regards
--
Tomas

  reply	other threads:[~2020-03-22 14:30 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-21 14:37 Ultimate trust Tomas Nordin
2020-03-21 15:43 ` Teemu Likonen
2020-03-22 14:30   ` Tomas Nordin [this message]
2020-03-22 19:15     ` Philip Hands
2020-03-22 22:21       ` Tomas Nordin
2020-03-23  1:20       ` David Bremner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://notmuchmail.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me \
    --to=tomasn@posteo.net \
    --cc=notmuch@notmuchmail.org \
    --cc=tlikonen@iki.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).