Bug 409719 - Plain text fallback when using untrusted keys
Status: REPORTED
Alias: None
Product: kmail2
Classification: Applications
Component: crypto
Version: 5.9.3
Platform: Debian stable Linux
Importance: NOR minor
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2019-07-11 14:34 UTC by wannespam
Modified: 2019-07-11 14:34 UTC

Description wannespam 2019-07-11 14:34:45 UTC
SUMMARY
KMail will fall back to plain-text mails if it thinks that S/MIME certificates are not trustworthy. (Which, btw, isn't the case. This will be another bug.)
First, there are several scenarios where your trust and the receiver's trust differ. So if you don't trust a certificate, it is still valid to use it for signing. (But not for verifying signatures.)
Second, there are different trust levels. (PGP even defines them explicitly.) You may want to be able to send unimportant messages (that would otherwise be sent in plain text) to a not *fully* trustworthy person. So again: even for *en*cryption it makes perfect sense to allow the use of untrusted keys. (At least as long as you also support plain-text mails.)
And lastly: you should at least consider that your checking is broken (maybe just due to misconfiguration, because it uses the wrong time, etc.) and allow the user to do it externally with openssl etc. So if the user says it is trustworthy – just do as he says. ;-)

STEPS TO REPRODUCE
1. Use a system with a wrong date. (For example, without an RTC.)
2. Try to send a signed message.
OBSERVED RESULT
3. KMail will warn and fall back to plain text.

EXPECTED RESULT
First: KMail should never ever prefer plain-text messages over signed ones.
This is absolute rubbish.
You could argue that there is a central trust store in X.509. But then you have to block all plain-text mails also.

Falling back to plain text makes absolutely no sense at all.
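
The clock dependence behind the reproduction steps can be checked outside KMail with openssl, as the report suggests. The script below is an added example, not part of the bug report or of KMail's code: it builds a constructed throwaway self-signed certificate and validates it once at the true time and once against an assumed stale clock of 2000-01-01, where the same certificate is rejected as not yet valid.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway self-signed
# certificate stands in for the S/MIME certificate from the report.

# make_cert DIR: create DIR/cert.pem, valid from "now" for 30 days.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_at CERT EPOCH: validate CERT as if the clock read EPOCH (Unix
# seconds). Prints openssl's verdict; exit status 0 means valid at that time.
verify_at() {
    openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_cert "$WORK"
CERT="$WORK/cert.pem"

# The real time, taken just after issuance.
TRUE_CLOCK=$(( $(date +%s) + 60 ))
# 2000-01-01 UTC: assumed value for a machine that booted without an RTC.
STALE_CLOCK=946684800

echo "validity window:"
openssl x509 -in "$CERT" -noout -dates

echo "checked at the true time:"
verify_at "$CERT" "$TRUE_CLOCK"

echo "checked with the stale clock:"
verify_at "$CERT" "$STALE_CLOCK"
```

If the certificate verifies at the true time but fails only at the machine's current clock, the fault is the clock, not the certificate or its trust chain.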