From: Tomas Nordin
To: Teemu Likonen, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
Date: Sun, 22 Mar 2020 15:30:09 +0100
Message-ID: <87pnd4laxa.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me>
In-Reply-To: <878sjt3e9n.fsf@iki.fi>

Teemu Likonen writes:

> Tomas Nordin [2020-03-21T15:37:36+01] wrote:
>
>> This is probably a dumb question and not really an issue for Notmuch.
>
> Excellent questions but partly difficult to answer.
>
>> But it is when using notmuch (through emacs) I get this Gnome pop-up.
>> See attached image. Some senders are attaching some sort of signature
>> that I get to trust or cancel.
>
> The sender's mail client has used gpgsm or similar program to digitally
> sign the message content. The sender's key that made the message
> signature has been certified by some certificate authority. And you are
> asked if you trust this certificate authority to certify others' keys.
>
>> What do people do in this case? I tend to cancel it. How should I
>> relate to the question? How do I know if I could ultimately trust
>> something as asked?
>
> That is the difficult part. The right answer is probably that user
> should carefully check the certificate authority's key fingerprint,
> compare it to the fingerprint that the authority has published somewhere
> else, study the certificate authority's reputation in certifying
> people's keys, or something like that.
>
> And almost nobody does that because it's too difficult.
>
> I do this: I press "Yes" (to trust "ultimately") but then immediately go
> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
> that certificate authority's key fingerprint. It marks that key
> untrusted (because I really don't know). Then: "gpgconf --reload
> gpg-agent".

OK, thanks. That already feels better, knowing I can revert this trust
easily like that. And some better understanding for what's going on.

Best regards
--
Tomas
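
The trustlist.txt edit described in the quoted reply, as an added example that is not part of either message or of GnuPG itself: a shell function that prefixes the matching fingerprint line with "!" and is safe to run twice. The function names and sample fingerprints are made up; it assumes one fingerprint per line, optionally colon-separated, and leaves the reload step to `reload_agent`.

```shell
#!/bin/sh
# Added example: mark one CA fingerprint in gpg-agent's trustlist.txt as
# not trusted by prefixing its line with "!". Names are illustrative.

# normalize_fpr FPR -> uppercase hex with colons and spaces removed
normalize_fpr() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# distrust_ca FPR [FILE]
# Returns 0 if the entry is now marked (or already was), 1 if FPR is absent.
distrust_ca() {
    want=$(normalize_fpr "$1")
    file=${2:-"$HOME/.gnupg/trustlist.txt"}
    [ -f "$file" ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if awk -v want="$want" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }  # keep comments and blanks
        {
            fpr = $1
            marked = (fpr ~ /^!/)
            sub(/^!/, "", fpr)
            gsub(/:/, "", fpr)
            if (toupper(fpr) == want) {
                found = 1
                if (!marked) sub(/[^ \t]/, "!&")  # "!" before the fingerprint
            }
            print
        }
        END { exit (found ? 0 : 1) }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"               # fingerprint not found: original untouched
    return 1
}

# The reload step from the thread, so gpg-agent re-reads the file.
reload_agent() { gpgconf --reload gpg-agent; }

# demo: run distrust_ca on a constructed trustlist (fingerprints are made up)
demo() {
    d=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' \
        'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD S' \
        '0123456789ABCDEF0123456789ABCDEF01234567 S relax' > "$d"
    distrust_ca aabbccddeeff00112233445566778899aabbccdd "$d"
    cat "$d"; rm -f "$d"
}
```

A fingerprint that is not in the file makes `distrust_ca` return 1 and leaves the file unchanged, so a typo is not silently accepted.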