Page MenuHome GnuPG
Create Task
Maniphest T6410

Kleopatra: trust root certificate allowed for user
Closed, WontfixPublic
Actions

Description

Noticed that a user can trust a root certificate and thereby add it to their local trustlist.txt

AFAIK this should per default not be enabled in GnuPG VSD. Or at least not via Kleopatra.

Details

Version
3.1.26

Event Timeline

ebo created this task.Mar 14 2023, 12:39 PM
ikloecker added a subscriber: ikloecker.Mar 14 2023, 6:27 PM

Are you using an actual GnuPG VSD installer? I'm asking because, as far as I know, several actions are disabled via immutable config entries that are only shipped to customers.

ebo added a comment.Mar 15 2023, 8:45 AM

Yes, the installation was with the unmodified Installer GnuPG-VS-Desktop-3.1.26.0-Standard.msi

werner added a subscriber: werner.Mar 15 2023, 9:49 AM

I would suggest that with the VSD 3.2 we make --no-user-trustlist the default via the corresponding registry entry and explain how to use --sys-trustlist-name to use a custom trustlist.

aheinecke closed this task as Wontfix.Mar 15 2023, 10:10 AM
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

I disagree. Unless customers explicitly request it users should be able to trust root certificates manually. I do not see much difference between this and allowing users to certify their own certificates.
This can be required when a user wants to encrypt something to an unknown certificate, regardless of VS-NfD or not.

ebo removed a project: Restricted Project.Apr 12 2023, 4:10 PM