On 08.09.18 16:50, Patrick Chkoreff wrote:
> OK here are the results of my experiment, my quick notes in a text file:
> 
> ~~~~
> delete key from key management
> 
> just in case, restart Thunderbird
> 
> go back to the original email with the key attached
> 
> right-click on the key and choose "Import PGP Key"
> 
> Immediately attempt to reply to the sender with encryption
> 
> Enigmail brings up key selection dialog, with the new key shown in italics
> 
> Try to choose the new key anyway and press Send
> 
> Enigmail says "Sending of the message failed"
> 
> Now go into key management to sign the new key so I can encrypt to it
> 
> 
> When I right-click on the key, I DO see "Sign Key" and DO NOT see "Set
> Owner Trust" (as expected).
> 
> When signing, choose "I have not checked at all," which is the truth.
> After all, this is a complete stranger on the other side of the planet
> and I'm not going to fly out to meet him.  (I view this signing step
> very much like ssh's "trust on first use" anyway.  I don't care that
> this new stranger really "is" William Shakespeare, just that every time
> I get a message from him I know it's the *same* William Shakespeare as
> the day before.  I'll establish reputation as the relationship
> progresses, and have nothing to lose on first contact.)
> 
> 
> After signing, once again attempt to reply to the sender with encryption.
> 
> Brings up key selection dialog again:  same result, sending the message
> ultimately fails.
> 
> 
> My next thought is, maybe Enigmail won't let me encrypt to that key
> because I confessed that I did not check William's identity at all
> (lazy me).  So this time, I delete the key, re-import it, and lie to
> the software that I have very carefully vetted the "identity" of this
> new stranger on the other side of the planet.
> 
> After signing that key in my own blood, immediately attempt to reply to
> the sender with encryption.
> 
> SUCCESS!  My clever lie worked, and no key selection dialog came up.  It
> went straight through to the new stranger.
> 
> 
> So that's the answer:  if I want to encrypt to a newly imported key, I
> must first sign it and attest that I have checked it very thoroughly.
> Doing a "Set Owner Trust" is unnecessary.
> 
> 
> The other answer is to just choose "Use any usable key", but that seems
> even more promiscuous and haphazard than just signing each new key with
> a white lie.


You need to understand how the implementation of the Web of Trust works
in GnuPG. This is nothing to blame on Enigmail. Read here to understand
the web of trust: https://wiki.gnupg.org/WebOfTrust


-Patrick
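The behaviour Patrick describes follows from GnuPG's defaults rather than from signing as such: gpg's min-cert-level defaults to 2, so a certification made with "I have not checked at all" (check level 1) is disregarded when the trust database is built, while a level 0 certification or one at level 2 or 3 counts towards validity. The Python below is an added model of that validity computation written for this page, not GnuPG's own code or anything posted in the thread; the key ids and trust values are constructed, and max-cert-depth is not modelled.

```python
from dataclasses import dataclass, field

UNKNOWN, MARGINAL, FULL, ULTIMATE = "unknown", "marginal", "full", "ultimate"  # gpg owner-trust names

@dataclass
class Cert:
    signer: str  # key id of the certifying key
    level: int   # check level: 0 generic, 1 not checked, 2 casual, 3 careful

@dataclass
class Key:
    keyid: str
    ownertrust: str = UNKNOWN
    certs: list = field(default_factory=list)

def compute_validity(keys, marginals_needed=3, completes_needed=1, min_cert_level=2):
    """Validity per key under a simplified GnuPG 'pgp' trust model (no max-cert-depth); defaults are gpg's."""
    validity = {k: ULTIMATE if key.ownertrust == ULTIMATE else UNKNOWN
                for k, key in keys.items()}
    changed = True
    while changed:  # repeat until no key gains validity
        changed = False
        for k, key in keys.items():
            if validity[k] in (ULTIMATE, FULL):
                continue
            fulls = marginals = 0
            for c in key.certs:
                # gpg disregards certs below min-cert-level, except level 0
                if c.level != 0 and c.level < min_cert_level:
                    continue
                signer = keys.get(c.signer)
                # only fully valid keys that carry owner trust extend the web
                if signer is None or validity[c.signer] not in (FULL, ULTIMATE):
                    continue
                if signer.ownertrust in (FULL, ULTIMATE):
                    fulls += 1
                elif signer.ownertrust == MARGINAL:
                    marginals += 1
            new = (FULL if fulls >= completes_needed or marginals >= marginals_needed
                   else MARGINAL if fulls or marginals else UNKNOWN)
            if new != validity[k]:
                validity[k], changed = new, True
    return validity

def scenario(cert_level, min_cert_level=2):
    """Constructed case from the thread: the user's own ultimately trusted key certifies a newcomer's key."""
    keys = {"OWN": Key("OWN", ownertrust=ULTIMATE),
            "NEWCOMER": Key("NEWCOMER", certs=[Cert("OWN", cert_level)])}
    return compute_validity(keys, min_cert_level=min_cert_level)["NEWCOMER"]
```

`scenario(1)` leaves the newcomer's key with unknown validity, which is the italic entry and failed send in the notes above, while `scenario(3)` (or `scenario(0)`) yields full validity with no owner-trust change; lowering min_cert_level to 1 would make the honest level-1 certification count.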
