On 12.06.17 20:18, Ludwig Hügelschäfer wrote:
> Hi,
>
> On 12.06.17 14:52, Stefan Claas wrote:
>
>> Hi Ludwig,
>>
>> I just checked again. On my Mac and on my Windows Notebook I get a
>> green bar, from a blue "Untrusted" key, when I go into Enigmail's
>> Key Management and set the trust of that key to Ultimate...
> Well, ultimate ownertrust is the wrong way. This setting is reserved
> for your own keys. No wonder you get a green header bar.
>
> What are you trying to achieve?

Well, I assume that the majority of people who are using GnuPG are using it with Thunderbird/Enigmail. Let's also assume they are not security experts like all you guys here on the list, and let's also assume they are following popular tutorials like the ones from EFF:

https://ssd.eff.org/en/module/how-use-pgp-windows

because they know EFF are good people (like you security experts).

Now here is my thought. Mallory knows very well what I have described above, and after he gained access to my computer he simply replaces one of my locally signed pub keys with a fake one where he sets owner trust to ultimate.

A user, described as above, would imho have a hard time detecting a fake pub key, because Enigmail shows a green bar for both keys.

Maybe as an additional security feature Enigmail should give a key with a set trust level of "Ultimate" a different color than green.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
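
A defender-side check for the situation discussed in this thread, added here as an example and not taken from the post, GnuPG or Enigmail: it lists keys whose ownertrust is ultimate although the keyring holds no matching secret key. The function names and the sample fingerprints are constructed for illustration; it assumes the usual `gpg --export-ownertrust` and `gpg --list-secret-keys --with-colons` output formats.

```python
import subprocess

TRUST_MASK = 0x0F  # low bits carry the trust level; higher bits are flags
ULTIMATE = 6       # level gpg exports for "ultimate" ownertrust

def ultimate_fingerprints(ownertrust_text):
    """Fingerprints set to ultimate in `gpg --export-ownertrust` output."""
    found = set()
    for line in ownertrust_text.splitlines():
        parts = line.strip().split(":")
        if line.startswith("#") or len(parts) < 2 or not parts[1].isdigit():
            continue
        if int(parts[1]) & TRUST_MASK == ULTIMATE:
            found.add(parts[0].upper())
    return found

def secret_primary_fingerprints(colon_text):
    """Primary fingerprints in `gpg --list-secret-keys --with-colons` output."""
    found, after_sec = set(), False
    for line in colon_text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "fpr" and after_sec and len(fields) > 9:
            found.add(fields[9].upper())
        after_sec = fields[0] == "sec"  # only the fpr right after sec counts
    return found

def suspicious_ultimate(ownertrust_text, colon_text):
    """Ultimate-trust keys for which this keyring holds no secret key."""
    own = secret_primary_fingerprints(colon_text)
    return sorted(ultimate_fingerprints(ownertrust_text) - own)

def audit_local_keyring():
    """Run the same check against the local keyring (needs gpg on PATH)."""
    def gpg(*args):
        return subprocess.run(["gpg", "--batch", *args], check=True,
                              capture_output=True, text=True).stdout
    return suspicious_ultimate(gpg("--export-ownertrust"),
                               gpg("--list-secret-keys", "--with-colons"))

# Constructed sample data (not real keys).
SAMPLE_OWNERTRUST = """\
# constructed sample of gpg --export-ownertrust output
1111111111111111111111111111111111111111:6:
2222222222222222222222222222222222222222:6:
3333333333333333333333333333333333333333:5:
"""
SAMPLE_SECRET_KEYS = """\
sec:u:4096:1:1111111111111111:1497000000:::u:::scESC:::+:::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1497000000::::Own Key <me@example.org>::::::::::0:
ssb:u:4096:1:4444444444444444:1497000000::::::e:::+:::23:
fpr:::::::::4444444444444444444444444444444444444444:
"""

if __name__ == "__main__":
    print(suspicious_ultimate(SAMPLE_OWNERTRUST, SAMPLE_SECRET_KEYS))
```

A hit is a prompt for manual fingerprint verification, not proof of tampering: your own key will also be listed if its secret part lives only on another machine.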