Bug 409719

Summary: Plain text fallback when using untrusted keys
Product: [Applications] kmail2
Reporter: wannespam
Component: crypto
Assignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: minor    
Priority: NOR    
Version: 5.9.3   
Target Milestone: ---   
Platform: Debian stable   
OS: Linux   
Latest Commit:
Version Fixed In:

Description wannespam 2019-07-11 14:34:45 UTC
SUMMARY
KMail will fall back to plain text mails if it thinks that S/MIME certificates are not trustworthy. (Which, by the way, isn't the case. This will be another bug.)
First, there are several scenarios where your trust and the receiver's trust differ. So if you don't trust a certificate, it is still valid to use it for signing. (But not for verifying signatures.)
Second, there are different trust levels. (PGP even defines them explicitly.) You may want to be able to send unimportant messages (that would otherwise be sent in plain text) to a not *fully* trustworthy person. So again: even for *en*cryption it makes perfect sense to allow the use of untrusted keys. (At least as long as you also support plain text mails.)
And last: you should at least consider that your checking is broken (maybe just due to misconfiguration, because it uses the wrong time etc.) and allow the user to do it externally with openssl etc. So if the user says it is trustworthy – just do as he says. ;-)

STEPS TO REPRODUCE
1. Use a system with a wrong date. (For example, without an RTC.)
2. Try to send a signed message.
OBSERVED RESULT
3. KMail will warn and fall back to plain text.

EXPECTED RESULT
First: KMail should never ever prefer plain text messages over signed ones.
This is absolute rubbish.
You could argue that there is a central trust store in X.509. But then you also have to block all plain text mails.

Falling back to plain text makes absolutely no sense at all.
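
The wrong-clock condition from the steps to reproduce can be told apart from a real trust failure by verifying the certificate outside the mail client with openssl at an explicit time. The following shell script is an added example, not part of the original report or of KMail; it assumes the openssl CLI is installed and uses a constructed throwaway self-signed certificate in place of a real S/MIME certificate.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for an
# S/MIME certificate. Assumption: the openssl command-line tool is installed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate valid from "now" for one day.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-example" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Verify the certificate as if the clock showed the given Unix time.
# Prints: ok | not-yet-valid | expired | other-failure
verify_at() {
    out=$(openssl verify -attime "$1" \
        -CAfile "$WORK/cert.pem" "$WORK/cert.pem" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other-failure" ;;
    esac
}

make_cert
NOW=$(date +%s)

# Correct clock: the certificate verifies.
echo "correct clock:         $(verify_at "$NOW")"
# Clock at 1970-01-02, as on a board that booted without an RTC.
echo "clock reset to 1970:   $(verify_at 86400)"
# Clock two days ahead of the one-day validity window.
echo "clock two days ahead:  $(verify_at $((NOW + 172800)))"
```

A result of not-yet-valid or expired that disappears when the real time is supplied points at the local clock rather than at the certificate or its trust chain.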