Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#46 semi-automatic trust check for keys

open
nobody
None
before_1.4
Enhancement
2012-08-22
2012-08-08
No

Bug 21374 migrated from Mozdev.org

Imlement Adam Schreiber's idea
(http://bugzilla.gnome.org/show_bug.cgi?id=591027) of a semi-automatic trust
check.
If there are any untrusted keys, challenge the owner by an automatic mail. The
owner of the key then signs this mail and sends it back. If the key owner also
has a mail client that supports this verification protocol this can be done
automatically. As soon as the signed mail returns, the key can be granted a
marginal vaildity.

The code should do:

  • sends a challenge to all untrusted keys (once per key)
  • the challenge contains a specified, parseable part (for automatic handling)
  • the challenge can contain plaintext explanation (for human interaction)
  • the same plugin recognizes challenges and responds to them
  • returned challenges are checked and the trust is updated

------- Comment #1 From Thorsten Sick 2009-08-10 08:53:07 [reply] -------

There is a similar bug posted for evolution
http://bugzilla.gnome.org/show_bug.cgi?id=591342

Please co-operate to define the parseable part of the message for seamless
interaction between the mail clients

Discussion