On 2017-09-30 09:06, Tom Hardy wrote:
On Saturday, 30 September 2017 00:08:32 CDT stakanov wrote:
He did an "P.S. S/MIME testing" (as he quoted at the end of message) When an S/MIME message arrives, you may or may not want to trust the issuing authority (which is one of the weaknesses of s/mime vs gpg, you need to trust an authority. But then, it is a very well known way to encrypt in business. In this case it was commodo. Do you use kleopatra? It may be the programm that issued the demand. And no, I do not think it is something strange, the average user should be able to understand the value of such a question. Maybe a better definition of which programm opens this would be better.
I've got Kgpg running (maybe I should change that), but I thought it was Kmail that issued the request. That's one of the problems--the issuing program and the reason for the request isn't identified--and I feel uncomfortable extending trust without knowing the party and dotting all the i's. I'm just carrying that lack of trust forward to certificate authorities. I should say I don't have knowlege of gpg usage reduced to muscle memory, I just use it once in a while.
It is not a GPG issue. PKCS works differently.
There is another, more common circumstance where Kmail (If it's Kmail) makes ambiguous requests for trust, when it tries to make a secure connection through a captive portal with a certificate. There, the answer is clearly no.
But what is the average user to do? Just trust any party to come along without a clue what is going on, in an attempt to make things work?
The average user has the responsibility to know what a certificate authority is. And when the question arises to trust or not to trust a new authority, it is up to the user to decide. >:-) It is part of the mandatory training you do to get your license to use computers :-P
I think the dialog should at least identify who is making the request. It could be Kmail, or it could be Firefox, or it could be NetworkManager....
It doesn't matter, because the answer will apply to all software installed in your computer now and in the future. The question is simple: Do you accept Comodo as a certificate authority? If you are in doubt, stop and google it. Of course, the dialog should have as a valid answer "I don't know". -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)