https://bugs.kde.org/show_bug.cgi?id=399050
Jan Kundrát <j...@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REPORTED |CONFIRMED Ever confirmed|0 |1 --- Comment #10 from Jan Kundrát <j...@kde.org> --- > That's interesting, however I'd not rely on the config of the > IMAP server for > end-to-end security (which PGP is assumed to provide). And we are not, which is why I also added that second sentence :). E-mail headers and ESMTP-level envelopes not being covered by PGP. The IMAP server "can lie to us", and I claim that this does not open any extra attack vector compared to, e.g., your ESMTP host maliciously mangling stuff on delivery. That was my point. > Depends on your point of view. I would not say those issues are super-bad. > However, if we really want to rely on PGP for critical tasks > I'd say there is > still room for improvement in the UI of mail clients. Assume you receive a > signed email from you employer with testcase #2 which includes a > task-to-be-done-immediately (e.g. "The President: >>launch > missiles<<") -- you > may be stressed and not look into the signature details and just do it... Thanks for reporting this. I think that adding the signer's recipient address into the "valid signature" area will be an improvement. For anybody reading this -- patches welcome, I will only have a chance to work on this in a week or two, I guess. -- You are receiving this mail because: You are watching all bug changes.