
Kleopatra: trust root certificate allowed for user
Closed, Wontfix | Public

Description

Noticed that a user can trust a root certificate and thereby add it to their local trustlist.txt.

AFAIK this should not be enabled by default in GnuPG VSD. Or at least not via Kleopatra.

Details

Version
3.1.26

Event Timeline

Are you using an actual GnuPG VSD installer? I'm asking because, as far as I know, several actions are disabled via immutable config entries that are only shipped to customers.

Yes, the installation was with the unmodified installer GnuPG-VS-Desktop-3.1.26.0-Standard.msi.

I would suggest that with VSD 3.2 we make --no-user-trustlist the default via the corresponding registry entry and explain how to use --sys-trustlist-name to use a custom trustlist.

aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

I disagree. Unless customers explicitly request it, users should be able to trust root certificates manually. I do not see much difference between this and allowing users to certify their own certificates.
This can be required when a user wants to encrypt something to an unknown certificate, regardless of VS-NfD or not.

ebo removed a project: Restricted Project. Apr 12 2023, 4:10 PM