>
> this is the absolute evidence that signing emails in 99,9% of it's use
> cases is completely useless. Automatically accepting keys to validate
> signed mails renders signing useless.
I totally understand what you are saying. The mitigating fact for
autoretrieval of keys is that it doesn't blindly accept the validity of
the keys unless (*I think*) you have already accepted a key of someone
who has signed the key. The signature is highlighted as yellow, not
green, and says "Valid signature, but cannot verify sender...".
You can also view the contents of the key and there are warnings such
as
gpg: WARNING: This key is not certified with a trusted
signature!
gpg: There is no indication that the signature belongs to the
owner.
So it's not entirely a useless feature.
P.
_______________________________________________
evolution-list mailing list
[email protected]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
