gpgsm should ship with a default trust list
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnupg2 (Ubuntu) | Triaged | Medium | Unassigned | | |
Bug Description
Binary package hint: gpgsm
gpgsm needs to trust the certificate authority that signed a certificate in order to verify that certificate. For security purposes, gpg-agent doesn't prompt users to add a CA to the trust list when it is first encountered. However, gpgsm ships with an empty trust list. To make matters worse, when a certificate is not verified because the CA is not trusted, there is no error message that indicates the problem or the solution.
Currently, the user has two options if she wants to use S/MIME: enable trust marking in the gpg-agent configuration file and reboot, or manually enter the CA fingerprints in the trust list. These steps are not well documented, and it is difficult to even determine why S/MIME is failing. S/MIME using gpgsm is essentially unusable for a typical user.
This could be avoided by shipping gpgsm with a trustlist.txt that contains the fingerprints of root certificates for common authorities, e.g. Thawte, Verisign, CACert, etc. I see no advantage to shipping an empty trust list, as the average user already has these authorities trusted in his browser.
I'm using Kubuntu Hardy.
Perhaps we should integrate gnupg2 with the ca-certificates package.