There is a flaw in our Trusted Introducer workflow with intermediate CAs.
- Company A sets Company B Key as trusted introducer for Company B, uploads the signed certificate.
- A user in Company A imports a key from Company B.
- Key is shown as untrusted until the Company B singing key is imported.
This is not intuitive and a user will not know to search for this key.
The problem is that I think we need a new keylist mode for this. auto-key-retrieve is semantically the right option but I don't want that when you start Kleopatra the keyserver is bombarded with requests for all signing keys. Kleo should decide for example after import or when certificate details are opened to use this search.
That is why this might be a Kleo only issue as Kleo could do this with the current API.