Menu

#46 semi-automatic trust check for keys

closed
nobody
None
1.4.1
Enhancement
All
---
nobody
2018-02-11
2012-08-08
Patrick Brunschwig
No

Bug 21374 migrated from Mozdev.org

Imlement Adam Schreiber's idea
(http://bugzilla.gnome.org/show_bug.cgi?id=591027) of a semi-automatic trust
check.
If there are any untrusted keys, challenge the owner by an automatic mail. The
owner of the key then signs this mail and sends it back. If the key owner also
has a mail client that supports this verification protocol this can be done
automatically. As soon as the signed mail returns, the key can be granted a
marginal vaildity.

The code should do:

  • sends a challenge to all untrusted keys (once per key)
  • the challenge contains a specified, parseable part (for automatic handling)
  • the challenge can contain plaintext explanation (for human interaction)
  • the same plugin recognizes challenges and responds to them
  • returned challenges are checked and the trust is updated

------- Comment #1 From Thorsten Sick 2009-08-10 08:53:07 [reply] -------

There is a similar bug posted for evolution
http://bugzilla.gnome.org/show_bug.cgi?id=591342

Please co-operate to define the parseable part of the message for seamless
interaction between the mail clients

Discussion

  • Patrick Brunschwig

    Patrick Brunschwig - 2018-02-11
    • status: open --> closed
    • Found in Version: before_1.4 --> 1.4.1
    • Operating System: --> All
    • Fixed in version: --> ---
     

  • Patrick Brunschwig

    Patrick Brunschwig - 2018-02-11

    won't fix: I would rely on WKD or keys.mailvelope.com (a verifying key server).

     

Log in to post a comment.