[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ESD-translators] Misleading "invalid keys" section?

From: Tobias Bengfort
Subject: [ESD-translators] Misleading "invalid keys" section?
Date: Fri, 17 Feb 2017 15:10:22 +0100
User-agent: Mozilla-Thunderbird (X11/20100329)


I have a question that is not directly related to translation, but
rather to content. I am sorry if this is the wrong place to raise the issue.

I recently stumbled upon a bug report[1] in a thunderbird plugin that
quoted the "be wary of invalid keys" section from emailselfdefence.

Maybe I am missing something, but I find that section misleading. It
seems to mix up encryption and signing:

> make a habit of glancing at that bar. The program will warn you there
> if you get an email encrypted with a key that can't be trusted.

You should not trust the authenticity of an email if it was *signed*
with an untrusted key. This is also what is displayed in that bar.

On the other hand, *encrypting* a mail with an untrusted key is
dangerous, but there is *no bar* indicating this. Instead, there is the
"To send encrypted, accept only trusted keys" setting in Enigmail.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]