On 07/04/15 20:05, Daniel Kahn Gillmor wrote: > In a thread over on [email protected], i did a little thinking about the > UI/UX for cleartext signature verification in e-mail clients. > > A thought experiment about clearsigned messages follows; i'd be happy to > hear feedback. > > * For cleartext messages, what if enigmail treated a bad signature and > no signature in exactly the same way, from the receiving user's > perspective? > > There are two ways this could be done: > > 0) for broken signatures, simply show no indication that enigmail > ever thought there might have been a signature on the message > > 1) for all unsigned messages, and for all messages with broken > signatures, always show a simple, passive enigmail header that > says "this message had no valid signature" > > > The rationale that lead me to this thought experiment is: > > a) many MTAs can accidentally break signatures due to a variety of > reasons (line-wrapping, re-encoding, filtering, markup, etc) > > b) it is trivial for any MTA that wants to *deliberately* break a > signature to do so. > > c) it is trivial for a malicious MTA to modify an unsigned message so > that it looks like it has a broken signature from anyone it wants. > > d) most users are not prepared to debug or repair failed signatures in > any way. At best, they can forward the message to someone with more > skill who can look into it further. > > e) from an end-user perspective, a broken signature is actually not > much different than no signature at all. why highlight the > difference?
I would prefer to have the information that the signature existed but was broken. This provides a hint that the sender cared sufficiently and believed that the message content deserved a signature. It is an item of meta-data that should be of interest to the receiver. Even if he automatically signs everything he sends out (which would tend to lessen the concern about any individual item deserving a signature), it is, in my opinion, still of interest to know that the message was signed. And all the above comment in spite of item c) of your rationale above. If the contents of the message with a broken signature flag were of sufficiently high priority to me, I could take some action to contact the sender by other means - encrypted email, phone, snail mail, direct contact or by a sign left beneath a bush in the local park. Philip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
