Mailinglist Archive: opensuse-factory (826 mails)

< Previous Next >
Re: [opensuse-factory] Kmail and SMime (Was: Need to click twice on shutdown to power-off TW)
On 2017-09-30 09:06, Tom Hardy wrote:
On Saturday, 30 September 2017 00:08:32 CDT stakanov wrote:
He did an
"P.S. S/MIME testing" (as he quoted at the end of message)
When an S/MIME message arrives, you may or may not want to trust the issuing
authority (which is one of the weaknesses of s/mime vs gpg, you need to
trust an authority. But then, it is a very well known way to encrypt in
business. In this case it was commodo. Do you use kleopatra? It may be the
programm that issued the demand. And no, I do not think it is something
strange, the average user should be able to understand the value of such a
question. Maybe a better definition of which programm opens this would be
better.

I've got Kgpg running (maybe I should change that), but I thought it was
Kmail
that issued the request. That's one of the problems--the issuing program and
the reason for the request isn't identified--and I feel uncomfortable
extending
trust without knowing the party and dotting all the i's. I'm just carrying
that lack of trust forward to certificate authorities. I should say I don't
have knowlege of gpg usage reduced to muscle memory, I just use it once in a
while.

It is not a GPG issue. PKCS works differently.


There is another, more common circumstance where Kmail (If it's Kmail) makes
ambiguous requests for trust, when it tries to make a secure connection
through a captive portal with a certificate. There, the answer is clearly no.

But what is the average user to do? Just trust any party to come along
without a clue what is going on, in an attempt to make things work?

The average user has the responsibility to know what a certificate
authority is. And when the question arises to trust or not to trust a
new authority, it is up to the user to decide. >:-)

It is part of the mandatory training you do to get your license to use
computers :-P

I think the dialog should at least identify who is making the request. It
could be Kmail, or it could be Firefox, or it could be NetworkManager....

It doesn't matter, because the answer will apply to all software
installed in your computer now and in the future. The question is
simple: Do you accept Comodo as a certificate authority?

If you are in doubt, stop and google it.

Of course, the dialog should have as a valid answer "I don't know".

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)

< Previous Next >
List Navigation
This Thread
  • No further messages