[Bug 44699] can't encrypt with gpg if the receiver's key is not signed

[Torsten Landschoff]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
You are a voter for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=44699         




------- Additional Comments From torsten debian org  2008-02-21 14:04 -------
Come on, this can't be true. kmail disallows me to send encrypted with an untrusted key - why!? Warning is okay, perhaps in bold letters and some "I am really sure" check.

This misfeature makes kontact all but useless for me. I won't go and sign any key of other Debian people I did not meet in person - I can't be sure the key matches the person. But at least it will only be readable by the person having the key, no t to every mail server in between us. 

For work I have a big list of keys which I won't sign. For one I know the person relating to the key, but I did never check any passports. So I won't sign them. So the "solution" to use kmail is to --lsign every key? Not!

While I am just using Thunderbird again in disbelief, others will happily sign every key just to be able to send an email. For me this looks like a security problem (the social engineering kind) and not like a wishlist bug.

Please fix this!