[Gpg4win-devel] vs S/MIME (Re: Putty and ECDSA support for gpg-agent in 2.0)
Werner Koch
wk at gnupg.org
Wed Jul 10 17:52:48 CEST 2013
On Wed, 10 Jul 2013 17:27, bernhard at intevation.de said:
> How does this question work?
> Does it trust the root ca in the dirmngr as well?
IIRC, the dirmngr also ask gpgsm whether it shall trust a root.
> Up to recently the "allow-mark-trusted" setting let to
> a lower security, because people will just press yes, when they are task
How can anything lower the security of an entirely broken system?
Granted, if it is used within a large organisation running its own CA,
X.509 won't suffer from problems. But then a sysadmin can easily change
the default.
Allow mark trusted is the default for 2 years now:
2011-01-24 Werner Koch <wk at g10code.com>
* patches/gnupg2/02-allow-mark-trusted.patch: New.
* Makefile.am (EXTRA_DIST): Add it.
> question. When does it come?
Right when gpgsm figures that it has no idea whether to trust the root
certificate.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gpg4win-devel
mailing list