https://bugs.kde.org/show_bug.cgi?id=399050

Jan Kundrát <j...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REPORTED                    |CONFIRMED
     Ever confirmed|0                           |1

--- Comment #10 from Jan Kundrát <j...@kde.org> ---
> That's interesting, however I'd not rely on the config of the IMAP server for
> end-to-end security (which PGP is assumed to provide).

And we are not, which is why I also added that second sentence :).

E-mail headers and ESMTP-level envelopes are not covered by PGP. The IMAP
server "can lie to us", and I claim that this does not open any extra attack
vector compared to, e.g., your ESMTP host maliciously mangling stuff on
delivery. That was my point.

> Depends on your point of view. I would not say those issues are super-bad.
> However, if we really want to rely on PGP for critical tasks I'd say there is
> still room for improvement in the UI of mail clients. Assume you receive a
> signed email from your employer with testcase #2 which includes a
> task-to-be-done-immediately (e.g. "The President: >>launch missiles<<") -- you
> may be stressed and not look into the signature details and just do it...

Thanks for reporting this. I think that adding the signer's recipient address
into the "valid signature" area will be an improvement.

For anybody reading this -- patches welcome, I will only have a chance to work
on this in a week or two, I guess.
