On Wed, 2001-10-24 at 10:33, Jens Lautenbacher wrote:
> On Wed, 2001-10-24 at 18:40, Miles Lane wrote:
> > As Dan has pointed out, it would be better if
> > the new, smaller icon was made into several icons that differentiate
> > between validated and unvalidated signatures.
> 
> You don't know this before you pressed the button. 

Oh right.  

> > Another consideration is that the current lock icons seem to indicate
> > encryption, which isn't actually the case.  Almost all the messages
> > are not encrypted.  The digital signature only indicates that a public
> > key is attached. 
> 
> I suppose that you mean the right thing, but what you said is of course
> wrong. A signature does not contain the pubkey. A signature says that
> the signed message was signed with someone's private key and if I have
> the public key of this person (and know/trust that the key I have really
> belongs to the person I think of) then I can validate that message as
> being signed with the person's priv key and not being altered afterwards.

Thanks for clarifying that. 

The gpg man page says it supports the following key states:

       -         No ownertrust assigned / not yet calculated.

       e         Trust calculation has failed; probably
                 due to an expired key.

       q         Not enough information for calculation.

       n         Never trust this key.

       m         Marginally trusted.

       f         Fully trusted.

       u         Ultimately trusted.

This indicates to me that Evolution could determine when it checks
the digital signature, whether the key is trusted or not and then
indicate that in its selection of icon to display.

> > It does not even indicate whether the key is trusted
> > or not, which is probably what most of us would really care about,
> > anyhow.  The current icons indicate whether a key is a valid key,
> > not a trusted key.
> 
> The "trusting" belongs to the public key which you have to get by other
> means (gnupg tries to automatically fetch the right public key belonging
> to the private key used to sign the message from a keyserver, but then
> of course you still have to trust that the key you just fetched really
> belongs to the actual person). The secure way is to exchange by a safe
> line (personal meeting) the "checksum" of the key with the person, so
> you can be sure that you have the right public key.

Right.  Since the trusting status is recorded by GPG, I don't see
any trouble for Evolution to check that status when selecting the 
icon.  I am assuming that GPG is being used by someone who takes the
time to set up trusted keys by the methods you mention.

        Miles
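
Added example, not part of the original message and not Evolution's code: one way a mail client could pick an icon from the machine-readable status lines GnuPG writes with `--status-fd` when verifying a signature. The icon names, function name and sample inputs are assumptions made for illustration; the status keywords are GnuPG's documented ones.

```python
# Added example: choose a signature icon from GnuPG --status-fd output.
# Icon names are hypothetical. The status fd must be a separate pipe from
# the message text, so message content cannot inject status lines.
PREFIX = "[GNUPG:] "

# Validity of the signing key, reported after a good signature,
# listed weakest first so that the weakest result present wins.
TRUST_WEAKEST_FIRST = [
    ("TRUST_NEVER", "sig-good-untrusted"),
    ("TRUST_UNDEFINED", "sig-good-untrusted"),
    ("TRUST_MARGINAL", "sig-good-marginal"),
    ("TRUST_FULLY", "sig-good-trusted"),
    ("TRUST_ULTIMATE", "sig-good-trusted"),
]
# Signature checks out, but the signature or key is expired or revoked.
DEGRADED = {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def icon_for(status_output: str) -> str:
    """Map the status lines of one verification run to an icon name."""
    seen = set()
    for line in status_output.splitlines():
        if line.startswith(PREFIX):       # skip human-readable gpg output
            fields = line[len(PREFIX):].split()
            if fields:
                seen.add(fields[0])
    if "BADSIG" in seen:                  # fail closed: bad outranks all
        return "sig-bad"
    if seen & {"NO_PUBKEY", "ERRSIG"}:    # could not be checked at all
        return "sig-unverifiable"
    if seen & DEGRADED:
        return "sig-good-untrusted"
    if "GOODSIG" not in seen:
        return "sig-none"
    for keyword, icon in TRUST_WEAKEST_FIRST:
        if keyword in seen:
            return icon
    return "sig-good-untrusted"           # good signature, no trust line


# Constructed sample inputs (key ID and user ID are made up).
WHO = "0123456789ABCDEF Example Signer <signer@example.org>"
SAMPLE_TRUSTED = f"[GNUPG:] GOODSIG {WHO}\n[GNUPG:] TRUST_FULLY\n"
SAMPLE_UNKNOWN = f"[GNUPG:] GOODSIG {WHO}\n[GNUPG:] TRUST_UNDEFINED\n"
SAMPLE_BAD = f"gpg: BAD signature\n[GNUPG:] BADSIG {WHO}\n"
SAMPLE_NOKEY = "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n"
SAMPLE_SPOOF = "GOODSIG fake\nTRUST_ULTIMATE\n"   # no status prefix
```

The trust keywords describe the validity GnuPG has calculated for the signing key, so a valid signature from a key nobody has verified still maps to the untrusted icon.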

