On Wed, 2001-10-24 at 07:36, Dan Winship wrote:
> On Wed, 2001-10-24 at 09:55, Mike Leckey, Jr. wrote:
> > I received a signed message that I did not have the key for. The small
> > padlock was in a locked state, implying a good signature.
>
> The question-mark in the icon is supposed to imply "unknown".
>
> > If the message cannot be proven authentic, how about making the first
> > smaller lock broken as well as the second larger one w/details?
>
> It doesn't try to verify it until you click.
>
> The issue is that the previous completely-static PGP verification UI was
> trivially spoofable by just sending someone an HTML message containing
> the right graphics.
Good point, and a good solution, I think. Also means less clutter at
the bottom of every signed message, and slightly shorter message-load
times.
I like it! ...just takes some mental readjustment.
--Eric
PGP signature
