From: Tomas Nordin <tomasn@posteo.net>
To: Teemu Likonen <tlikonen@iki.fi>, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
Date: Sun, 22 Mar 2020 15:30:09 +0100 [thread overview]
Message-ID: <87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <878sjt3e9n.fsf@iki.fi>
Teemu Likonen <tlikonen@iki.fi> writes:
> Tomas Nordin [2020-03-21T15:37:36+01] wrote:
>
>> This is probably a dumb question and not really an issue for Notmuch.
>
> Excellent questions but partly difficult to answer.
>
>> But it is when using notmuch (through emacs) I get this Gnome pop-up.
>> See attached image. Some senders are attaching some sort of signature
>> that I get to trust or cancel.
>
> The sender's mail client has used gpgsm or similar program to digitally
> sign the message content. The sender's key that made the message
> signature has been certified by some certificate authority. And you are
> asked if you trust this certificate authority to certify other's keys.
>
>> What does people do in this case, I tend to cancel it. How should I
>> relate to the question. How do I know if I could ultimately trust
>> something as asked.
>
> That is the difficult part. The right answer is probably that user
> should carefully check the certificate authority's key fingerprint,
> compare it to the fingerprint that the authority has published somewhere
> else, study the certificate authority's reputation in certifying
> people's keys, or something like that.
>
> And almost nobody does that because it's too difficult.
>
> I do this: I press "Yes" (to trust "ultimately") but then immediately go
> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
> that certificate authority's key fingerprint. It marks that key
> untrusted (because I really don't know). Then: "gpgconf --reload
> gpg-agent".
OK, thanks. That already feels better, knowing I can revert this trust
easily like that. And some better understanding for whats going on.
Best regards
--
Tomas
next prev parent reply other threads:[~2020-03-22 14:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-21 14:37 Ultimate trust Tomas Nordin
2020-03-21 15:43 ` Teemu Likonen
2020-03-22 14:30 ` Tomas Nordin [this message]
2020-03-22 19:15 ` Philip Hands
2020-03-22 22:21 ` Tomas Nordin
2020-03-23 1:20 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me \
--to=tomasn@posteo.net \
--cc=notmuch@notmuchmail.org \
--cc=tlikonen@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).