> IOW, some way of indicating that if you get a message without a
> certificate (or from a self-signed key, or whatever - I'm not a
> crypto expert)

Yes, kinder support for self-signed certs might be nice.

When receiving one, if everything else checks out and the only stumbling
block is the lack of trusted root, maybe the lock icon should have a
question mark or something, and the description text says something
about verifying the fingerprint or otherwise confirming the message. If
the user "knows" the mail is legit, he could then click the "trust it"
button and essentially import that cert into his trust database.

In fact, it'd be nice to have a button somewhere for "generate a
self-signed cert."

The current system is just not catching on in the general public--
perhaps it is in companies, but too much mail nowadays is flowing over
the net in openly readable text. We have to change that.

--
Note: I'm at didyma dot org, not org dot didyma.
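
Added example, not part of the original message or of any mail client's code: a sketch of the trust flow proposed above, where a self-signed certificate that passes every other check is shown as unconfirmed until the user confirms its fingerprint. The `PinStore` class, the verdict names, the `other_checks_ok` flag and the sample byte strings are all assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    TRUSTED = "lock"
    UNCONFIRMED = "lock with question mark"  # show fingerprint, offer "trust it"
    CHANGED = "warning"                      # sender's pinned cert differs
    INVALID = "broken lock"                  # signature or other checks failed

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as colon-separated hex."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

class PinStore:
    """Hypothetical per-sender trust database for self-signed certificates."""

    def __init__(self):
        self._pins = {}  # lower-cased sender address -> pinned fingerprint

    def evaluate(self, sender: str, cert_der: bytes, other_checks_ok: bool) -> Verdict:
        # other_checks_ok (assumed to come from the mail client): the signature,
        # validity dates and address match passed; only a trusted root is missing.
        if not other_checks_ok:
            return Verdict.INVALID
        pinned = self._pins.get(sender.lower())
        if pinned is None:
            return Verdict.UNCONFIRMED
        return Verdict.TRUSTED if pinned == fingerprint(cert_der) else Verdict.CHANGED

    def trust_it(self, sender: str, cert_der: bytes, confirmed_fp: str) -> bool:
        """Pin the cert only if it matches the fingerprint the user confirmed."""
        actual = fingerprint(cert_der)
        if confirmed_fp.strip().upper() != actual:
            return False
        self._pins[sender.lower()] = actual
        return True

# Constructed stand-ins for two DER-encoded certificates (not real certificates).
ALICE_CERT = b"constructed-der-bytes-alice-v1"
OTHER_CERT = b"constructed-der-bytes-someone-else"

if __name__ == "__main__":
    store = PinStore()
    print(store.evaluate("alice@example.org", ALICE_CERT, True).value)
    store.trust_it("alice@example.org", ALICE_CERT, fingerprint(ALICE_CERT))
    print(store.evaluate("alice@example.org", ALICE_CERT, True).value)
    print(store.evaluate("alice@example.org", OTHER_CERT, True).value)
```

The `CHANGED` verdict covers the case the pin exists for: a later message from the same address signed with a different self-signed certificate is flagged instead of being treated as a fresh unconfirmed sender.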