-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a serious usability issue.
For me as well as for at least one other person that I
communicated with, the error message pops up every time
Thunderbird tries to autosave, which by default is every
five minutes (unless we set the "owner trust" to "ultimate").
In Thunderbird, automatic saving of drafts is enabled by
default, as far as I know (default of "mail.compose.autosave"
is true).
For the record: I have configured Thunderbird to routinely
send a BCC to myself.
Maybe that is playing a role here, but I don't think so.
I expect Enigmail to be usable by "mom and pop".
Even the improved error message does not help "mom and pop"
enough to understand and solve the problem.
According to a previos list mail, the 1.8.2 message reads:
"'x@y.z' cannot be matched to a valid, not expired OpenPGP
key. Please ensure that you have a valid OpenPGP key."
What exactly does "valid" mean here?
In the key management dialogue, or rather,
in the key properties dialogue,
what do "valid" and "invalid" keys look like?
If the key is not "valid", how do "mom and pop" make it so?
Can we design the UI in such a way that they can correctly
solve this kind of problem on their own?
Am 15.04.2015 um 21:04 schrieb Patrick Brunschwig:
> You have to check in the key manager if the key you specified in
> the accout settings for Enigmail is valid, fully trusted and not
> expired.
The message did not mention trust, yet you do.
The only way known to me to satisfy Enigmail/GPG is
to set the "owner trust" ("How much do you trust the owner of
the key to sign other keys properly?") for my own key to
"ultimate" (German: "absolut"). (Are there other ways?)
If I do this, the value of "Key Validity" (German:
"Schlüsselgültigkeit") changes from "unknown" (German: "unbekannt")
to "valid" (German: "absolut"). Setting any other "owner trust"
value sets the validity to "unknown" (German: "unbekannt").
This coupling of values is surprising to me.
Why should the trust I extend to a key signer affect the
validity of their key?
Note in particular that the description of "owner trust" as a
"signing trust" cited above does not talk about the validity
of the key itself or about any trust in the key itself.
If particular "signing trust" values imply assumptions about
the key itself, that should be made obvious,
at least with a link to a thorough explanation.
Someone who does not want to use the "web of trust" concept,
or does not even know about it,
should not have to worry about "trust in key signers" at all.
I assume that the concept is not technically required to
make the encryption and signing work securely.
Can someone confirm this?
As far as I remember, setting trust for my own key
was not necessary before Enigmail 1.8.
Can anyone confirm this?
I may very well be wrong, but a friend of mine had the same
issue, as far as I know.
If setting the "key signing trust" is indeed necessary,
the error message should state this and hint on how to solve
this, or even offer to fix the issue.
- - Regards, Rainer
PS: Further, I do not understand why I have to *set* validity
of and trust in my own key. I do trust my key, from its
creation, and this should be the default.
This is possibly not an Enigmail issue.
The lack of validity and trust may be due to the way I used to
import my key, which I do not remember exactly.
PPS: In my view, usability is the biggest deterrent in
widespread use of encryption (see "Why Johnny can't encrypt").
One person to whom I suggested to use OpenPGP and to whom I
offered help to set it up replied that he might as well drill
holes in his fingernails to lower his quality of life.
Not a nice reaction to my offer, but he has a point. :-)
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJVMLiMAAoJEI/iM7d3pEsvYNwP/1CIys2VRSs6Ku23wwPCpvbY
RbxYfoPdnkXXAEiawG2hX6z7ShDZy2cHzuZ+EeeUsXIJwFaKNp+CY9//aAjK4+P7
a8wOV7Pw1CGODLBUYXhLGiFqpp9yJbA+PR0Us0DeLYMh1ZH5rQxJ7GJkPhT8dPt/
JGd5s00ekX6pJruE36anPdAGE+lJTU9f+3DvukvgRW8q2+aPlF4Z3ZtkRieo7ewe
/JjxNoAVK2tHPxiS52RdFkLMEYQMqdgxKO0YaHl1kbCpkl71EtCHnLCQYLpkypMB
L7z/iU1gU8MMSq/YBP7lEmbI+l4Lo+AdZnIWzWSHVJUvY73OuyvEuxUMQkTDOrl7
1zHK8nKIVD4jss/+E07gPzI6z/exbFtAwGOliogJZPvS8VcbBVVF6+7a6e3M7fjh
p6E8rzatFkPGWDreu1XiTGJRrY6OvMNd9xrFABwUxRImw1+3qBiqmkA9+ZtBqqbY
XWtf5fkt+eFKews/GYaWTA6GVaq4q4Kpb3MKNRYdJW1Sn9qcanBcW6XGEmxCeWyN
jS2H4nGuz8Shb6C6PnZ2JArMAig8ZZatyB6A4O2SBYUHF1XHOWJ8JmtE8T2+Pjph
1JsEsw6MMNstLFcOXjZjuxJKtbouRIZyjKWFCrmOouaK6wYCaYYpdyqawRUHDHHL
x25xy2wg98zzKi+fCU+H
=H/h7
-----END PGP SIGNATURE-----
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
