On Wed, 2001-10-24 at 07:36, Dan Winship wrote:
> On Wed, 2001-10-24 at 09:55, Mike Leckey, Jr. wrote:
> > I received a signed message that I did not have the key for.  The small
> > padlock was in a locked state, implying a good signature.
> 
> The question-mark in the icon is supposed to imply "unknown".
> 
> > If the message cannot be proven authentic, how about making the first
> > smaller lock broken as well as the second larger one w/details?
> 
> It doesn't try to verify it until you click.
> 
> The issue is that the previous completely-static PGP verification UI was
> trivially spoofable by just sending someone an HTML message containing
> the right graphics.
> 
> In the new system, you don't get any information about whether the sig
> is good or not until you click on the lock, which is something that
> can't be emulated with the parts of HTML that GtkHTML supports.

Well, I would rather have to click an icon than worry about spoofing.

How about changing the text from "click for more information" to "click
for validity" or something similar?

-- 
Mike Leckey, Jr.        [EMAIL PROTECTED]        602.231.1685
Honeywell Engines & Systems                             Phoenix, AZ
