On 28.07.15 16:46, Ingo Klöcker wrote: > On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote: >> Hi Ingo, >> >> On 27.07.15 16:31, Ingo Klöcker wrote: >>> This whole concept of a whitelist of "trusted validation servers" >>> included in the email clients sounds a lot like the CA certificate >>> bundles included in browsers and/or OSes. Who is going to maintain >>> this whitelist? >> >> Whilelists: The OpenPGP-aware clients. There aren't so many of them, >> so that's manageable. > > Speaking for KMail how can I be sure that somebody who claims that his > validation server can be trusted can actually be trusted and should therefore > be added to the whitelist? KDE avoids this problem for the CA certificate > bundle by relying on the certificate bundles provided by the Linux > distributors or by Mozilla.
Let's face it: KDE doesn't /avoid/ this problem. It just shifts the problem to someone else -- the Linux distributors or Mozilla ;) -Patrick _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
