Kleopatra: Improve warning on keyserver upload
Open, Normal, Public

Description

When uploading a certificate via Kleopatra you always get the same warning text, regardless of whether it's your own or someone else's. And the keyserver setting is not taken into account either. Whether it's a public keyserver or a local AD does make a difference, though.

Current text:

<para>When OpenPGP certificates have been exported to a public directory 
server, it is nearly impossible to remove them again.</para><para>Before 
exporting your certificate to a public directory server, make sure that you 
have created a revocation certificate so you can revoke the certificate if 
needed later.</para><para>Are you sure you want to continue?</para>

The warning about the revocation certificate is probably obsolete for your own certificates, too, as it is automatically created on key generation nowadays.

Regarding text changes because of public keyserver via AD, there also is ticket T6663 in the context of certification.

Event Timeline

aheinecke triaged this task as Normal priority. Oct 23 2023, 7:30 PM
aheinecke added a subscriber: aheinecke.

IMO for LDAP we should not warn at all. Because there it is possible to remove certificates.

I think that the part with the revocation should be kept. Because otherwise we would need to inform users where the revocation certificates are kept, so it is better if they save them themselves. Although in the spirit of always providing the user with a clear next step I would like to see that the dialog offers a way to create a revocation certificate for a key for which a secret is available directly from the dialog.

so you can revoke the certificate if needed later.

Maybe change that to "if it is compromised, lost, or you forgot your password"

TBH I find the word "revocation" a bit hard to understand for laymen.